RHEL 9 : jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base (RHSA-2025:12283)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:12283 advisory. Core part of Jackson that defines Streaming API as well as basic shared abstractions. Security Fixes: com.fasterxml.jackson.core/jackson-core:...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to protobuf-java (CVE-2024-7254)
Summary: protobuf-java is vulnerable to a StackOverflow attack. This vulnerability affects IBM Spectrum Control. CVE-2024-7254. Vulnerability Details: CVEID: CVE-2024-7254. DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of...
CVE-2025-6615
A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWANwizard4 of the file /goform/formAutoDetecWANwizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
board-stm32f103rc-berial security vulnerability
board-stm32f103rc-berial is an application by the individual developer uyk. A security vulnerability exists in board-stm32f103rc-berial, which originates from a stack buffer overflow due to the incorrect operation of parameter num in file 7.Example/hal/i2c/max30100/Manual/demo2/2/heartrate1hal.c...
CVE-2024-21907
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...
Important: Red Hat Security Advisory: JBoss EAP XP 5.0 Update 2.0 release. See references for release notes.
JBoss EAP XP 5.0 Update 2.0 GA release. See references for release notes. Security Fixes: org.jboss.narayana-narayana-all: deadlock via multiple join requests sent to LRA Coordinator CVE-2024-8447...
BIT-ELASTICSEARCH-2024-52981
An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow...
CVE-2024-52981
An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow...
Security Bulletin: IBM Match 360 is vulnerable to a denial of service from IBM WebSphere Application Server Liberty vulnerability found in Google Protocol Buffers (CVE-2024-7254)
Summary: IBM Match 360 is vulnerable to a denial of service from IBM WebSphere Application Server Liberty use of vulnerable Google Protocol Buffers. This affects IBM WebSphere Application Server Liberty 20.0.0.12 - 24.0.0.10 with the specified features enabled. Any project that parses untrusted...
Security Bulletin: StackOverflow Vulnerability affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary: A potential StackOverflow vulnerability has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: StackOverflow vulnerability affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary: A potential StackOverflow vulnerability has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Important: protobuf
Issue Overview: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf...
Atlassian Jira Service Management Data Center and Server 5.4.x < 5.4.27, 5.12.x < 5.12.14 / 5.13.x < 5.17.4 / 10.0.x < 10.1.1 (JSDSERVER-15617)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15617 advisory. - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested...
Critical: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
protobuf-java has potential Denial of Service issue
Summary: When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team. Affected versions: This issue affects all versions of both t...
CVE-2024-7254
A flaw was found in Protocol Buffers (protobuf). This issue can allow an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion. Mitigation: Mitigation for this issue is either not available or the...