libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string

A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the asn1expendoctetstring function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service DoS condition, making the...

Low: Red Hat Security Advisory: libtasn1 security update

An update for libtasn1 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVE-2026-50193

jackson-databind’s tree model is vulnerable to a Denial-of-Service when deeply nested JSON is read with ObjectMapper.readTree() and then serialized with JsonNode.toString(); the issue exists from 2.13.0 through 2.14.0 and can consume resources under concurrent requests (e.g., 1000 nested arrays ~...

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string

A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the asn1expendoctetstring function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service DoS condition, making the...

CVE-2025-71382 MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...

CVE-2026-56114

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

EUVD-2026-38494

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

CVE-2026-56115

The CVE-2026-56115 issue affects dhcpcd up to 10.3.2. A one-byte stack out-of-bounds write exists in dhcp6_makemessage() in src/dhcp6.c, triggered by serializing an oversized RFC6603 OPTION_PD_EXCLUDE body. An unauthenticated, same-link attacker can send a crafted DHCPv6 ADVERTISE message contain...

CVE-2026-56115 dhcpcd Stack Out-of-Bounds Write in dhcp6_makemessage()

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

EUVD-2026-38492

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

Microweber < 1.2.11 - CRLF Injection

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0666 info: name: Microweber 1.2.11 - CRLF Injection author: ritikchaddha severity: high description: | CRLF Injection leads to Sta...

H3C Magic R300-2100M - Remote Code Execution

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. id: CVE-2023-33629 info: name: H3C Magic R300-2100M - Remote Code Execution author: DhiyaneshDK severity: high description: | H3C Magic R300 version...

CVE-2026-48502

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension...

CVE-2026-48512

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

EUVD-2026-38389

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension...

CVE-2026-48502 MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension...

CVE-2026-48502

MessagePack-CSharp contains a Denial of Service vulnerability in MessagePackReader.ReadDateTime() where a stack allocation is driven by attacker-controlled extension length. In the slow path, tokenSize includes the extension body length and is used in a stackalloc before the extension length is v...

CVE-2026-48506 MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

EUVD-2026-38388

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...