CVE-2024-44996 vsock: fix recursive ->recvmsg calls

In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive -recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot-recvmsg has been replaced with vsockbpfrecvmsg. Thus the following recursiion could happen: vsockbpfrecvmsg - vsockrecvmsg -...

libproxy: uncontrolled recursion via an infinite stream response leading to stack exhaustion

A flaw was found in libproxy in versions 0.4 through 0.4.15. A remote HTTP server can trigger an uncontrolled recursion via a response composed of an infinite stream that lacks a newline character leading to a stack exhaustion. The highest threat from this vulnerability is to system availability...

Uncontrolled Recursion

TensorFlow is vulnerable to an Uncontrolled Recursion vulnerability. The vulnerability is due to the failure to check for loops between nodes in TFLite graphs, allowing an attacker to craft models that could cause infinite loops or stack overflow during evaluation...

Wireshark CLDAP Dissector Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wireshark CLDAP Dissector DOS', 'Description' = %q This module causes infinite recursion to occur within the CLDAP dissector by sending a special...

freewvs's nested directory structure can interrupt scan

Impact A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches This has been fixed in this commit by limitin...

GHSA-7PMH-VRWW-25XX freewvs's nested directory structure can interrupt scan

Impact A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches This has been fixed in this commit by limitin...

Uncontrolled Recursion

@apollo/gateway and @apollo/query-planner are vulnerable to Uncontrolled Recursion. The vulnerability is due to the query planner potentially entering an infinite loop when processing sufficiently complex queries, leading to unbounded memory consumption and possible system crashes...

SUSE CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVE-2024-44937

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...

CVE-2024-44937 platform/x86: intel-vbtn: Protect ACPI notify handler against recursion

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...

CVE-2024-44937

The CVE affects the Linux kernel’s Intel VBTN (platform/x86) ACPI notify handler. A race can occur when the notify_handler() runs on multiple CPUs after a change enabling those handlers to operate on all CPUs, notably observed on Dell Venue 7140 during undocking. The race could cause the input-de...

CVE-2024-44937 platform/x86: intel-vbtn: Protect ACPI notify handler against recursion

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a recursion issue in the ACPI notification handler...

Uncontrolled Recursion

matrix-js-sdk is vulnerable to Uncontrolled Recursion. The vulnerability is caused due to an infinite recursion in getRoomUpgradeHistory function causing the code to hang. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle and also by calling...

kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sockmapclose,destroy,unhash call itself sockmap proto callbacks should never call themselves by design. Protect against bugs like 1 and break out of the recursive loop to avoid a stack overflow in favor of...

CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

UBUNTU-CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVE-2024-42369 A room with itself as a its predecessor will freeze matrix-js-sdk

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

matrix-js-sdk 安全漏洞

matrix-js-sdk is an application component of Matrix open source. A security vulnerability exists in matrix-js-sdk versions prior to 34.2.0, which stems from a malicious home server that can craft a room or room structure so that the predecessor forms a loop, and the getRoomUpgradeHistory function...