Lucene search

217 matches found

Github Security Blog
added 2023/12/01 7:23 p.m., 45 views

OpenSearch StackOverflow vulnerability

Impact: A flaw was discovered in OpenSearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 CVE-2023-31419...

7.5 CVSS, 6.9 AI score, 0.39212 EPSS
Exploits: 4, References: 2, Affected Software: 1

Vulnrichment
added 2023/11/15 12:0 a.m., 15 views

CVE-2023-48014

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevcparsevpsextension function at /mediatools/avparsers.c...

7.7 AI score, 0.00044 EPSS
Exploits: 1, References: 2

Atlassian
added 2023/11/12 1:45 p.m., 36 views

DoS (Denial of Service) com.fasterxml.jackson.core in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5 CVSS, 9.1 AI score, 0.00487 EPSS
Exploits: 1

Cvelist
added 2023/10/26 5:6 p.m., 30 views

CVE-2023-31419 Elasticsearch StackOverflow vulnerability

A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...

6.5 CVSS, 7.4 AI score, 0.39212 EPSS
Exploits: 4, References: 3

Atlassian
added 2023/10/06 5:44 p.m., 55 views

jackson-databind Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5 CVSS, 8.5 AI score, 0.00487 EPSS
Exploits: 1

Prion
added 2023/10/06 5:15 p.m., 17 views

Stack overflow

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function...

7.5 CVSS, 9.5 AI score, 0.03323 EPSS
Exploits: 1, References: 2, Affected Software: 1

Amazon
added 2023/10/05 12:0 a.m., 44 views

Important: bind

Issue Overview: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of availab...

7.5 CVSS, 7.1 AI score, 0.00247 EPSS
Exploits: 0

Elastic
added 2023/09/18 8:40 p.m., 3 views

Elasticsearch 8.9.1 / 7.17.13 Security Update

Elasticsearch StackOverflow vulnerability ESA-2023-14 A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. Affected Versions: Elasticsearch versions from 7.0.0 to 7.17.12 and fr...

7.5 CVSS, 7.4 AI score, 0.39212 EPSS
Exploits: 4

Cvelist
added 2023/09/08 12:0 a.m., 12 views

CVE-2023-36184

CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json...

7.9 AI score, 0.00065 EPSS
Exploits: 0, References: 4

Veracode
added 2023/08/24 8:39 a.m., 12 views

Denial Of Service (DoS)

libsass.so is vulnerable to Denial Of Service (DoS). The vulnerability exists in ComplexSelector::hasplaceholder at astselectors.cpp due to a stack overflow which allows an attacker to cause an application crash...

7.5 CVSS, 6.9 AI score, 0.00162 EPSS
Exploits: 1, References: 5, Affected Software: 2

Veracode
added 2023/08/10 3:17 a.m., 14 views

Denial Of Service (DoS)

com.fasterxml.jackson.dataformat: jackson-dataformat-toml is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to a lack of a max nesting depth; if the TOML parser is run on user-supplied input, an attacker is able to cause a stack overflow, resulting in an application crash...

7.5 CVSS, 6.7 AI score, 0.00062 EPSS
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2023/07/14 12:0 a.m., 8 views

CVE-2023-37716

Tenda F1202 V1.0BRV1.2.0.20408 and FH1202V1.2.0.19EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting...

7.9 AI score, 0.00171 EPSS
Exploits: 1, References: 1

Cvelist
added 2023/07/06 12:0 a.m., 13 views

CVE-2020-22336

An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function...

9.8 AI score, 0.00339 EPSS
Exploits: 1, References: 2

Amazon
added 2023/06/07 12:0 a.m., 5 views

Medium: snakeyaml

Issue Overview: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CVE-2022-38750 Affected Packages: snakeyaml Issue...

6.5 CVSS, 6.7 AI score, 0.00693 EPSS
Exploits: 1

NVD
added 2023/05/31 9:15 p.m., 15 views

CVE-2023-33635

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm...

7.2 CVSS, 7.2 AI score, 0.00452 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2023/05/10 12:0 a.m., 16 views

CVE-2023-31554

xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readPageLabelTree2Object. This vulnerability allows attackers to cause a Denial of Service (DoS)...

6.9 AI score
Exploits: 0, References: 5

RedHat Linux
added 2023/05/09 10:10 a.m., 2 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

7.5 CVSS, 6.7 AI score, 0.00487 EPSS
Exploits: 1, References: 5

Huntr
added 2023/05/07 8:48 p.m., 13 views

Potential XSS in content script via StackOverflow about_me

Description: Alby has a feature called "batteries", which makes tipping on third-party sites easier, e.g. by detecting lightning network addresses so that donating using the extension becomes easy. One of those sites is stackoverflow. The alby extension will use the stackoverflow/stackexchange API...

6.3 AI score
Exploits: 0

Cvelist
added 2023/04/21 12:0 a.m., 17 views

CVE-2023-29917

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm...

5.7 AI score, 0.00388 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2023/04/05 11:57 a.m., 37 views

Security Bulletin: IBM Security Verify Governance is vulnerable to a denial of service caused by a Java StackOverflow exception (CVE-2020-36518), CVE-2020-25649,

Summary: IBM Security Verify Governance is vulnerable to a denial of service caused by a Java StackOverflow exception (CVE-2020-36518), IBM Security Verify Governance is vulnerable to a denial of service caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By...

7.5 CVSS, 7.8 AI score, 0.00487 EPSS
Exploits: 1, Affected Software: 1