18 matches found
SUSE CVE-2026-49762
Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...
CVE-2026-49762
Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...
EEF-CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
Summary Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the CapSoftwareVersion.DecodeFromBytes function. An attacker can cause a denial of service by remotely manipulating the data argument to trigger an off-by-one error. Remediation Upgrade...
CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...
API Versioning in Spring
In this 2nd blog post of the Road to GA series highlighting major features within the Spring portfolio for the next major versions to be released in November, I’m going to focus on the upcoming API Versioning support in Spring Framework 7. Introduction API versioning is a challenging topic. Most...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598
Summary: CVE-2025-49598 affects the conda-forge-ci-setup package (and its feedstock setup script) via an unsafe use of eval when parsing version information from a custom-formatted meta.yaml. An attacker who can modify the recipe (RECIPE_DIR) and supply a malicious meta.yaml can cause arbitrary c...
binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599...
PDM Trojan Lockfile
Summary It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. Details Project foo can be targeted by creating the project foo-2 and uploading the fil...
GHSA-M489-XR35-FJXR Regular Expression Denial of Service in millisecond
Versions of millisecond prior to 0.1.2 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Proof of concept: var ms = require('millisecond'); var genstr = function (len, chr) { var result = ""; for (i = 0; i <= len; i++) result = result + chr;...
[SECURITY] Fedora 34 Update: rust-versions-3.0.2-1.fc34
Library for parsing and comparing software version numbers...
SUSE-SU-2021:2102-1 Security update for Salt
This update fixes the following issues: salt: - Parsing Epoch out of version provided during pkg remove (bsc#1173692) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607) - Transactionalupdate: detect recursion in the...
Joyent Node.js ms Denial of Service Vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A denial of service vulnerability exists in Joyent Node.js ms due to the program failing to properly parse long version strings. This allows remote attackers to conduct denial of service attacks by...
ovirt-engine: Crash of API when parsing unexpected version number
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs...
Squid < 3.1 5 HTTP Version Number Parsing Denial of Service Exploit
Exploit for multiple platforms in category dos / poc. Squid ; chomp($vulnserverip); @maliciousversion="9.9"...
Preemptive Protection against Squid HTTP Version Number Parsing Denial of Service
A denial of service vulnerability was reported in the Squid proxy server. The Squid proxy server is a popular open source Internet proxy and web caching application. The vulnerability is due to inappropriate parsing of the version number when processing malformed HTTP requests. Remote...