217 matches found
CVE-2024-7254
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...
CVE-2024-7254
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...
CVE-2024-7254
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...
CVE-2024-7254
CVE-2024-7254 describes a stack overflow DoS in parsers when handling untrusted Protocol Buffers data with deeply nested SGROUP/group structures. The root cause is unbounded recursion when parsing unknown fields (DiscardUnknownFieldsParser) or Java Protobuf Lite against nested groups or map field...
CVE-2024-7254
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...
protobuf-java has potential Denial of Service issue
Summary When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team Affected versions: This issue affects all versions of both t...
PT-2024-6442
Name of the Vulnerable Software and Affected Versions protobuf-java versions prior to 3.25.5 Protocol Buffers versions prior to 4.28.2 Description The issue is related to insufficient input validation in the Protocol Buffers library, which can lead to a StackOverflow when parsing untrusted data...
CVE-2024-46045
Tenda CH22 V1.0.0.6468 has a stack overflow vulnerability located in the frmL7PlotForm function...
GO-2024-3082 CWA-2024-005: Stackoverflow in wasmd in github.com/CosmWasm/wasmd
CWA-2024-005: Stackoverflow in wasmd in github.com/CosmWasm/wasmd...
CWA-2024-005: Stackoverflow in wasmd
Component: wasmd Criticality: High ACMv1: I:Critical; L:Likely Patched versions: wasmd 0.53.0, 0.46.0 See CWA-2024-005 for more details...
CWA-2024-005: Stackoverflow in wasmd
Component: wasmd Criticality: High ACMv1: I:Critical; L:Likely Patched versions: wasmd 0.53.0, 0.46.0 See CWA-2024-005 for more details...
Security Bulletin: Vulnerability in jackson-databind affects watsonx.data
Summary FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception and other causes Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By...
Denial Of Service (DoS)
org.elasticsearch: elasticsearch is vulnerable to Denial of Service DoS. The vulnerability is due to a StackOverflow exception caused by dynamic field mapping of the passthrough type in an index template. An attacker can exploit this vulnerability by ingesting documents under specific conditions ...
CVE-2024-37640
TOTOLINK A3700R V9.1.2u.616520211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg...
GHSA-4Q22-422G-M4PJ Elasticsearch StackOverflow vulnerability
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...
Elasticsearch StackOverflow vulnerability
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...
CVE-2024-37280
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...
CVE-2024-37280
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...
CVE-2024-37280
The CVE-2024-37280 entry concerns Elasticsearch where a stack overflow can occur during document ingestion if an index template contains a dynamic field mapping of type “passthrough” (an experimental feature), potentially leading to a Denial of Service. The core details present in connected recor...
Elasticsearch 8.13.1 <= 8.13.4 DoS (ESA-2024-14)
The version of Elasticsearch installed on the remote host is between 8.13.1 and 8.13.4. It is, therefore, affected by a denial of service DoS vulnerability as referenced in the ESA-2024-14 advisory: - A flaw was discovered in Elasticsearch, affecting document ingestion when an index template...