CLSA-2025-1759411642 libxml2: Fix of CVE-2025-9714

CVE-2025-9714: preserve recursion depth across recursive calls to prevent stack overflow in XPath evaluation...

OESA-2025-2285 libxslt security update

Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handli...

DEBIAN-CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

CVE-2025-9714 Stack overflow in libxml2

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

CVE-2025-9714

CVE-2025-9714 affects libxml2 up to and including 2.9.14. The vulnerability arises from uncontrolled recursion in XPath evaluation: xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr reset recursion depth to zero before recursion, enabling stack overflow via crafted expressions. Impact is...

CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

CLSA-2025-1757017511 protobuf: Fix of CVE-2024-7254

CVE-2024-7254: prevent stack overflow by limiting recursion depth when parsing nested Protocol Buffers data...

CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

CVE-2025-38614

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an improperly limited recursion depth that could lead to resource exhaustion...

PT-2025-33812

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the eventpoll subsystem that could allow for semi-unbounded recursion. The issue stems from insufficient depth checks when creating graph edges...

OESA-2025-1800 protobuf security update

Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...

DEBIAN-CVE-2025-4565

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...

Denial of Service(DOS) in JSONReader

Description There exists a denial of service vulnerabilityDOS that occurs by python hitting max recursion depth while parsing a deeply nested json file using JSONReader. Vulnerable piece of code...

CLSA-2025-1738170437 hivex: Fix of CVE-2021-3622

CVE-2021-3622: fix possible stack overflow by adding the depth of recursion in the getchildren...

CLSA-2025-1738170241 hivex: Fix of CVE-2021-3622

CVE-2021-3622: fix possible stack overflow by adding the depth of recursion in the getchildren...

bind: stack exhaustion in control channel code may lead to DoS

A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code...

F5 Networks BIG-IP : Python vulnerabilities (K000139698)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139698 advisory. - Integer overflow in the getdata function in zipimport.c in CPython aka Python before 2.7.12, 3.x before...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1644)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1256)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...