CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

PT-2023-22016 · Unknown · Graphql-Java

Name of the Vulnerable Software and Affected Versions: graphql-java versions prior to 20.1 graphql-java versions prior to 19.4 graphql-java versions prior to 18.4 graphql-java versions prior to 17.5 Description: An attacker can send a crafted GraphQL query that causes stack consumption. The issue...

CVE-2023-28867

In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...

CVE-2023-28867

CVE-2023-28867 affects GraphQL Java (graphql-java) prior to 20.1; a specially crafted GraphQL query can cause stack consumption, leading to denial of service. Fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135. IBM and ENISA-related bulletins corroborate a DoS condit...

Amazon Linux 2023 : cpp, gcc, gcc-c++ (ALAS2023-2023-145)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-145 advisory. libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangleconst, as demonstrated by nm-new. CVE-2022-27943 Tenable has extracted the preceding description block directly from the...

Low: gcc

Issue Overview: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangleconst, as demonstrated by nm-new. CVE-2022-27943 Affected Packages: gcc Issue Correction: Run dnf update gcc --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-145 --releasever...

K01074825: libcroco vulnerability CVE-2020-12825

Security Advisory Description libcroco through 0.6.13 has excessive recursion in crparserparseanycore in cr-parser.c, leading to stack consumption. CVE-2020-12825 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...

K02884135: Binutils vulnerability CVE-2019-9071

Security Advisory Description An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in dcounttemplatesscopes in cp-demangle.c after many recursive calls. CVE-2019-9071 Impact There is no impact; F5 products are not affected by this...

K35710418: Binutils vulnerability CVE-2018-17985

Security Advisory Description An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many 'P'...

K44551633: Multiple tcpdump vulnerabilities

Security Advisory Description CVE-2018-14881 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgpcapabilitiesprint BGPCAPCODERESTART. CVE-2018-14882 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. CVE-2018-16227 The IEEE 802.11 parser...

SUSE CVE-2010-1917

Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service PHP crash via a crafted first argument to the fnmatch function, as demonstrated using a long string...

SUSE CVE-2010-3710

Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory consumption and application crash via a long e-mail address string...

SUSE CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...

SUSE CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...

SUSE CVE-2013-2004

The 1 GetDatabase and 2 XimParseStringFile functions in X.org libX11 1.5.99.901 1.6 RC1 and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service stack consumption via a crafted file...

SUSE CVE-2015-2779

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service uncontrolled recursion via a crafted massage...

SUSE CVE-2016-3705

The 1 xmlParserEntityCheck and 2 xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service stack consumption and application crash via a crafted XML document containing a...

SUSE CVE-2016-4571

The mxmlwritenode function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service stack consumption via crafted xml file...

SUSE CVE-2016-4570

The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service stack consumption via crafted xml file...

SUSE CVE-2017-11554

There is a stack consumption vulnerability in the lex function in parser.hpp as used in sassc in LibSass 3.4.5. A crafted input will lead to a remote denial of service...