5149 matches found
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memor...
ROS-20260313-73-0029
A vulnerability in the clippush function of the Linux operating system kernel is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memor...
CVE-2026-32141
A denial of service flaw has been discovered in the flatted npm library. flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded,...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...
DEBIAN-CVE-2026-32141
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...
CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...
CVE-2026-32141
The CVE concerns the flatted library (circular JSON parser). Before version 3.4.0, flatted.parse() uses a recursive revive() phase to resolve circular references; crafted payloads with deeply nested or self-referential $ indices can cause unbounded recursion, leading to a stack overflow that cras...
CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...
CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...
CVE-2026-32141
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...
flatted 安全漏洞
Flatted is a lightweight and fast cycle-based JSON parser developed by Andrea Giammarchi. Versions of Flatted prior to 3.4.0 contained a security vulnerability. This vulnerability stemmed from the recursive depth of the parse function when handling specially crafted payloads, which could lead to ...
PT-2026-25037
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...
CVE-2026-1069
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...
CVE-2026-1069 Uncontrolled Recursion in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...
CVE-2026-1069 Uncontrolled Recursion in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...
CVE-2026-1069
GitLab CE/EE versions 18.9 before 18.9.2 are affected by an unauthenticated denial-of-service via specially crafted GraphQL requests that trigger uncontrolled recursion under certain conditions. The issue has been remediated in GitLab 18.9.2; patch/update to 18.9.2 or newer. Attacker access requi...
CVE-2026-1069
Removed by vendor...
OPENSUSE-SU-2026:20340-1 Security update for cJSON
This update for cJSON fixes the following issues: - Update to version 1.7.19 Check for NULL in cJSONDetachItemViaPointer. Check overlap before calling strcpy in cJSONSetValuestring. Fix Max recursion depth for cJSONDuplicate to prevent stack exhaustion. Allocate memory for the temporary buffer wh...