5279 matches found
Moodle vulnerable to Uncontrolled Resource Consumption
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service...
GHSA-273W-7FXJ-PCP6 Moodle vulnerable to Uncontrolled Resource Consumption
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service...
CVE-2021-36395
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service...
UBUNTU-CVE-2021-36395
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service...
Denial of service
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service...
CVE-2021-36395
CVE-2021-36395 affects Moodle via the file repository URL parsing, where insufficient recursion handling is the root cause that could lead to a denial-of-service. The provided sources (NVD, OSV, GHSA, CNVD, CNVD/OSV mirrors) consistently describe the issue as an uncontrolled resource consumption ...
Denial Of Service (DoS)
github.com/hashicorp/go-getter is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded recursion when decompressing a ZIP archive, resulting in an application crash when decompressing a maliciously crafted archive, or "ZIP Bomb"...
K69488451: Multiple QEMU vulnerabilities CVE-2020-13791, CVE-2020-13800, CVE-2020-15469, CVE-2020-15859, and CVE-2020-15863
Security Advisory Description: CVE-2020-13791: hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. CVE-2020-13800: ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite...
K01074825: libcroco vulnerability CVE-2020-12825
Security Advisory Description: libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. CVE-2020-12825 Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product Development has...
K62012529: BIND vulnerability CVE-2016-1286
Security Advisory Description: named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. CVE-2016-1286 Impact: An attacke...
K26346590: GNU C Library vulnerabilities CVE-2019-9192 and CVE-2018-20796
Security Advisory Description: CVE-2019-9192 (DISPUTED): In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\\1\\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that...
K16576941: ISC BIND vulnerability CVE-2018-5737
Security Advisory Description: A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching...
K27155546: BIND vulnerability CVE-2022-38177
Security Advisory Description: By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. CVE-2022-38177 Impact: There i...
K16347: Linux file utility vulnerabilities CVE-2014-8116 and CVE-2014-8117
Security Advisory Description: CVE-2014-8116: The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. CVE-2014-8117: softmagic.c in file before 5.21 does...
SUSE CVE-2003-1564
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs...
SUSE CVE-2005-2302
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion...