12 matches found
CVE-2026-38970
pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...
Astra Linux – Vulnerability in json-smart
Json-smart is a performance-oriented JSON processor library. When encountering a ‘’ or ‘’ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limitations regarding the nesting of such arrays or objects. Since the parsi...
PT-2026-47611
Name of the Vulnerable Software and Affected Versions netty-transport-sctp versions prior to 4.1.135.Final netty-transport-sctp versions prior to 4.2.15.Final Description Netty is a network application framework for developing protocol servers and clients. A flaw exists where the handler processe...
protobuf.js 安全漏洞
protobuf.js is an open-source implementation of the Protocol Buffer library, written entirely in JavaScript. It supports protocols for Node.js and browsers using TypeScript. It’s easy to use, extremely fast, and can be used out of the box with.proto files. Versions prior to 7.5.8 and 8.2.0 of...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
DEBIAN-CVE-2023-1370
Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...
SnakeYAML 资源管理错误漏洞
SnakeYAML is a Java-based YAML parser. A security vulnerability exists in SnakeYAML 1.31 and earlier versions, which stems from a denial of service DoS issue due to the lack of a nesting depth limit for collections...
CVE-2022-25903
The package opcua from 0.0.0 are vulnerable to Denial of Service DoS via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed...
CVE-2022-25903
The package opcua from 0.0.0 are vulnerable to Denial of Service DoS via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed...
PT-2022-17596 · Opcua · Opcua
Name of the Vulnerable Software and Affected Versions: opcua versions 0.0.0 through 0.11.0 Description: The issue allows for Denial of Service DoS via the ExtensionObjects and Variants objects. This occurs because the package allows unlimited nesting levels, which could result in a stack overflow...
Denial of Service (DoS)
Overview opcua is an OPC UA server / client API implementation for Rust. Affected versions of this package are vulnerable to Denial of Service DoS via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message siz...