CVE-2026-7164 pf can overflow the stack parsing crafted SCTP packets

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

CVE-2026-5408 Uncontrolled Recursion in Wireshark

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-5408

CVE-2026-5408 describes an uncontrolled recursion causing a crash in Wireshark’s BT-DHT protocol dissector. Affected versions are Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14, with impact listed as denial of service. The connected documents provide the vulnerability name, affected versions, and the exp...

CVE-2026-5408 Uncontrolled Recursion in Wireshark

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-5406

Wireshark contains CVE-2026-5406: an Uncontrolled Recursion in the FC-SWILS protocol dissector that crashes the app, enabling a denial of service. Affected versions are Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14. The issue is tied to the FC-SWILS dissector specifically; exploitation details are not p...

CVE-2026-5406 Uncontrolled Recursion in Wireshark

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-5299

Wireshark vulnerability CVE-2026-5299 affects the ICMPv6 PvD protocol dissector in Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14. The issue is an uncontrolled recursion that allows a denial of service via the dissector crash. No exploitation details are provided in the connected documents, and ...

CVE-2026-5401 Uncontrolled Recursion in Wireshark

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-5401

CVE-2026-5401 affects Wireshark’s AFP Spotlight protocol dissector. The vulnerability is described as an Uncontrolled Recursion that crashes the dissector in Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14, resulting in a denial of service. Root cause stated in the title is uncontrolled recursion...

CVE-2026-5401 Uncontrolled Recursion in Wireshark

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6527 Uncontrolled Recursion in Wireshark

ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6527

The CVE-2026-6527 issue affects Wireshark’s ASN.1 PER protocol dissector, with crashes observed in Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14 that can lead to a denial of service. The root cause is described as an uncontrolled recursion in the dissector, though explicit technical details (e....

CVE-2026-41606

A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service DoS condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system...

SUSE CVE-2026-41606

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

SUSE CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers CVE-2025-39764 In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6xmit CVE-2025-40135 In the Linux kernel, the...

GHSA-6V9C-7CG6-27Q7 Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

Summary A critical Denial of Service DoS vulnerability exists in [email protected]. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocatio...

NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer vulnerability discovered by ? in WordPress Npm marked versions = 18.0.0, = 18.0.1...

Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

Summary A critical Denial of Service DoS vulnerability exists in [email protected]. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocatio...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Json-smart

Summary A vulnerability has been identified in Json-smart library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION:Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON...