Lucene search
K

365 matches found

RedHat Linux
RedHat Linux
added 2026/05/13 3:29 p.m.14 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS6.6AI score0.0058EPSS
Exploits1References6
CVE
CVE
added 2026/05/13 2:46 p.m.25 views

CVE-2026-45740

Protobufjs vulnerability CVE-2026-45740 arises from unbounded recursion when expanding deeply nested JSON descriptors (Root.fromJSON(), Namespace.addJSON()). Before versions 7.5.8 and 8.2.0, crafted JSON descriptors could exhaust the JavaScript call stack, causing a Denial of Service. The issue a...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 2:39 p.m.9 views

CVE-2026-44289 protobufjs: Denial of service through unbounded protobuf recursion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf...

7.5CVSS5.7AI score0.0058EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:39 p.m.77 views

CVE-2026-44289 protobufjs: Denial of service through unbounded protobuf recursion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf...

7.5CVSS0.0058EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/13 8:1 a.m.9 views

jq: Stack overflow via unbounded recursion in jv_contains

...

6.8CVSS5.8AI score0.00161EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.13 views

SUSE CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

5.5CVSS5.8AI score0.00154EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/05/12 3:1 p.m.12 views

NPM: protobuf.js: Denial of service through unbounded protobuf recursion

NPM: protobuf.js: Denial of service through unbounded protobuf recursion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

7.5CVSS5.8AI score0.0058EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.59 views

protobuf.js: Denial of service through unbounded protobuf recursion

Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...

7.5CVSS5.7AI score0.0058EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

NanaZip 安全漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the GetAllPaths function in the UFS/UFS2 file system image parser, which allowed recursive subdirectories without...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 6:16 p.m.23 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS0.00154EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 6:16 p.m.11 views

CVE-2026-40612

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

6.8CVSS0.00161EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/11 6:16 p.m.10 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 6:16 p.m.6 views

UBUNTU-CVE-2026-40612

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References3
OSV
OSV
added 2026/05/11 6:16 p.m.9 views

UBUNTU-CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/11 5:24 p.m.46 views

CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS0.00154EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/11 5:24 p.m.13 views

EUVD-2026-29174

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 5:24 p.m.32 views

CVE-2026-43896

CVE-2026-43896 (jq) : In jq versions 1.8.1 and earlier, unbounded recursion in the function jv_object_merge_recursive() can cause a crafted jq program to crash the process with a segfault when using the object operator (*) on two objects. Affected component is the jq JSON processor; the vulnerabi...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/11 5:24 p.m.12 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/11 5:16 p.m.52 views

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

6.8CVSS0.00161EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 5:16 p.m.19 views

CVE-2026-40612

CVE-2026-40612 affects jq (1.8.1 and earlier). The root cause is an unbounded recursion in the function jv_contains that recurses into nested arrays/objects with no depth limit, eventually exhausting the C stack when presented with a deeply nested input (constructed programmatically with reduce, ...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder