Total
318 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36691 | 1 Linux | 1 Linux Kernel | 2025-02-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | ||||
| CVE-2024-57257 | 2025-02-19 | 2 Low | ||
| A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. | ||||
| CVE-2023-24472 | 1 Openimageio | 1 Openimageio | 2025-02-13 | 7.5 High |
| A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. | ||||
| CVE-2024-57699 | 1 Redhat | 4 Apache Camel Hawtio, Apache Camel Spring Boot, Camel Quarkus and 1 more | 2025-02-06 | 7.5 High |
| A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370. | ||||
| CVE-2023-31893 | 1 Telefonica | 2 Brasil Vivo Play, Brasil Vivo Play Firmware | 2025-01-31 | 7.5 High |
| Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. | ||||
| CVE-2024-3247 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | 2.9 Low |
| In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow. | ||||
| CVE-2024-3248 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | 2.9 Low |
| In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow. | ||||
| CVE-2024-4568 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | 2.9 Low |
| In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. | ||||
| CVE-2023-2663 | 1 Xpdfreader | 1 Xpdf | 2025-01-24 | 2.9 Low |
| In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | ||||
| CVE-2023-2664 | 1 Xpdfreader | 1 Xpdf | 2025-01-23 | 2.9 Low |
| In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | ||||
| CVE-2023-47163 | 1 Remarshal Project | 1 Remarshal | 2025-01-08 | 7.5 High |
| Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition. | ||||
| CVE-2024-54731 | 2025-01-08 | 4 Medium | ||
| cpdf through 2.8 allows stack consumption via a crafted PDF document. | ||||
| CVE-2024-49363 | 2024-12-19 | 7.4 High | ||
| Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed denial-of-service via a maliciously crafted note. FileServerService.prototype.proxyHandler did not check incoming requests are not coming from another proxy server. An attacker can execute an amplified denial-of-service by sending a nested proxy request to the server and end the request with a malicious redirect back to another nested proxy request. Leading to unbounded recursion until the original request is timed out. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. Users unable to upgrade may configure the reverse proxy to block requests to the proxy with an empty User-Agent header or one containing Misskey/. An attacker can not effectively modify the User-Agent header without making another request to the server. | ||||
| CVE-2023-2990 | 1 Globalscape | 1 Eft Server | 2024-12-04 | 7.5 High |
| Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service | ||||
| CVE-2023-36632 | 1 Python | 1 Python | 2024-11-27 | 7.5 High |
| The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. | ||||
| CVE-2024-4340 | 1 Redhat | 5 Ansible Automation Platform, Openstack, Rhui and 2 more | 2024-11-21 | 7.5 High |
| Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. | ||||
| CVE-2024-34158 | 2 Go Build Constraint, Redhat | 11 Go Standard Library, Cryostat, Enterprise Linux and 8 more | 2024-11-21 | 7.5 High |
| Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | ||||
| CVE-2024-34156 | 2 Go Standard Library, Redhat | 19 Encoding\/gob, Advanced Cluster Security, Ceph Storage and 16 more | 2024-11-21 | 7.5 High |
| Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. | ||||
| CVE-2024-34155 | 1 Redhat | 15 Ceph Storage, Cost Management, Cryostat and 12 more | 2024-11-21 | 4.3 Medium |
| Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. | ||||
| CVE-2024-2965 | 1 Langchain | 1 Langchain | 2024-11-21 | 4.7 Medium |
| A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality. | ||||