wren 安全漏洞

Wren is a concurrent scripting language developed by Wren OpenSource. Versions of Wren 0.4.0 and earlier contained security vulnerabilities, which stemmed from uncontrolled recursion in the resolveLocal function located in the src/vm/wrencompiler.c file...

PT-2026-22507

Name of the Vulnerable Software and Affected Versions wren-lang wren versions up to 0.4.0 Description A flaw exists in the resolveLocal function within the src/vm/wren compiler.c file. This issue leads to uncontrolled recursion. Local access is required for exploitation. The details of the issue...

PT-2026-22503

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST Node Impl::eval/chaiscript::eval::Function Push Pop of the file include/chaiscript/language/chaiscript eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to...

PT-2026-22510

A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...

SQUIRREL 安全漏洞

SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had security vulnerabilities, which stemmed from uncontrolled recursion in the file squirrel/sqcompiler.cpp...

ChaiScript 安全漏洞

ChaiScript is an open-source programming language developed by ChaiScript contributors. Versions of ChaiScript 6.1.0 and earlier contained security vulnerabilities, which were caused by uncontrolled recursion in the function located in the file include/chaiscript/language/chaiscripteval.hpp...

OESA-2026-1432 protobuf security update

Security Fixes: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an...

RHEL 9 : protobuf (RHSA-2026:3219)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3219 advisory. The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet...

RHEL 10 : protobuf (RHSA-2026:3218)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3218 advisory. The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet...

RockyLinux 9 : protobuf (RLSA-2026:3095)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:3095 advisory. python: protobuf: Protobuf: Denial of Service due to recursion depth bypass CVE-2026-0994 Tenable has extracted the preceding description block directly from the...

SUSE SLED15 / SLES15 Security Update : protobuf (SUSE-SU-2026:0618-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0618-1 advisory. i - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Tenable...

Denial Of Service (DoS)

Nodemailer is vulnerable to a denial of service DoS. The vulnerability is due to improper handling of a crafted email address header that triggers infinite recursion in the address parser, which allows an attacker to exhaust resources and disrupt service availability...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

DEBIAN-CVE-2026-27903

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

AlmaLinux 9 : protobuf (ALSA-2026:3095)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:3095 advisory. python: protobuf: Protobuf: Denial of Service due to recursion depth bypass CVE-2026-0994 Tenable has extracted the preceding description block directly from the...

AlmaLinux 10 : protobuf (ALSA-2026:3094)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:3094 advisory. python: protobuf: Protobuf: Denial of Service due to recursion depth bypass CVE-2026-0994 Tenable has extracted the preceding description block directly from the...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

USN-8063-1: Protocol Buffers vulnerability

It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict function is being used. An attacker could possibly use this issue to cause Protocol Buffers to consume resources, resulting in a denial of service...

USN-8063-1 protobuf vulnerability

It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict function is being used. An attacker could possibly use this issue to cause Protocol Buffers to consume resources, resulting in a denial of service...