Total
256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31019 | 1 Vapor | 1 Vapor | 2023-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1. | |||||
| CVE-2022-23591 | 1 Google | 1 Tensorflow | 2023-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-3222 | 1 Gpac | 1 Gpac | 2023-05-27 | N/A | 5.5 MEDIUM |
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. | |||||
| CVE-2023-2664 | 1 Xpdfreader | 1 Xpdf | 2023-05-17 | N/A | 5.5 MEDIUM |
| In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | |||||
| CVE-2022-1771 | 1 Vim | 1 Vim | 2023-05-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. | |||||
| CVE-2021-3997 | 3 Fedoraproject, Redhat, Systemd Project | 3 Fedora, Enterprise Linux, Systemd | 2023-05-03 | N/A | 5.5 MEDIUM |
| A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | |||||
| CVE-2022-41881 | 2 Debian, Netty | 2 Debian Linux, Netty | 2023-03-01 | N/A | 7.5 HIGH |
| Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. | |||||
| CVE-2018-20821 | 1 Sass-lang | 1 Libsass | 2023-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | |||||
| CVE-2018-20822 | 1 Sass-lang | 1 Libsass | 2023-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | |||||
| CVE-2019-17450 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Binutils, Leap | 2023-02-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | |||||
| CVE-2016-9597 | 5 Canonical, Debian, Hp and 2 more | 6 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 3 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. | |||||
| CVE-2018-4002 | 1 Cujo | 2 Smart Firewall, Smart Firewall Firmware | 2023-02-03 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | |||||
| CVE-2019-9904 | 1 Graphviz | 1 Graphviz | 2023-02-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | |||||
| CVE-2022-38334 | 1 Xpdfreader | 1 Xpdf | 2023-01-31 | N/A | 5.5 MEDIUM |
| XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. | |||||
| CVE-2021-36773 | 4 Debian, Sciruby, Ublockorigin and 1 more | 4 Debian Linux, Nmatrix, Ublock Origin and 1 more | 2023-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). | |||||
| CVE-2021-39257 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2023-01-13 | 4.7 MEDIUM | 5.5 MEDIUM |
| A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. | |||||
| CVE-2021-30471 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2022-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. | |||||
| CVE-2021-30470 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2022-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | |||||
| CVE-2022-23516 | 1 Loofah Project | 1 Loofah | 2022-12-19 | N/A | 7.5 HIGH |
| Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized. | |||||
| CVE-2022-23500 | 1 Typo3 | 1 Typo3 | 2022-12-16 | N/A | 7.5 HIGH |
| TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1. | |||||