Total
177 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38334 | 1 Xpdfreader | 1 Xpdf | 2023-01-31 | N/A | 5.5 MEDIUM |
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. | |||||
CVE-2023-22617 | 1 Powerdns | 1 Recursor | 2023-01-31 | N/A | 7.5 HIGH |
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1. | |||||
CVE-2021-36773 | 4 Debian, Sciruby, Ublockorigin and 1 more | 4 Debian Linux, Nmatrix, Ublock Origin and 1 more | 2023-01-19 | 5.0 MEDIUM | 7.5 HIGH |
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). | |||||
CVE-2021-39257 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2023-01-13 | 4.7 MEDIUM | 5.5 MEDIUM |
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. | |||||
CVE-2022-31628 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2023-01-12 | N/A | 5.5 MEDIUM |
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | |||||
CVE-2022-47662 | 1 Gpac | 1 Gpac | 2023-01-11 | N/A | 5.5 MEDIUM |
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662 | |||||
CVE-2022-23516 | 1 Loofah Project | 1 Loofah | 2022-12-19 | N/A | 7.5 HIGH |
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized. | |||||
CVE-2022-23500 | 1 Typo3 | 1 Typo3 | 2022-12-16 | N/A | 7.5 HIGH |
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1. | |||||
CVE-2022-46405 | 1 Joinmastodon | 1 Mastodon | 2022-12-06 | N/A | 7.5 HIGH |
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. | |||||
CVE-2020-10704 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2022-11-28 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. | |||||
CVE-2022-42321 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-11-28 | N/A | 6.5 MEDIUM |
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored. | |||||
CVE-2021-31525 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2022-11-08 | 2.6 LOW | 5.9 MEDIUM |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. | |||||
CVE-2020-20213 | 1 Mikrotik | 1 Routeros | 2022-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||||
CVE-2022-28201 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2022-11-03 | N/A | 4.4 MEDIUM |
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message. | |||||
CVE-2020-12825 | 1 Gnome | 1 Libcroco | 2022-10-26 | 5.8 MEDIUM | 7.1 HIGH |
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | |||||
CVE-2020-18898 | 1 Exiv2 | 1 Exiv2 | 2022-10-26 | 4.3 MEDIUM | 6.5 MEDIUM |
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | |||||
CVE-2020-18392 | 1 Cesanta | 1 Mjs | 2022-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
CVE-2021-3997 | 3 Fedoraproject, Redhat, Systemd Project | 3 Fedora, Enterprise Linux, Systemd | 2022-10-18 | N/A | 5.5 MEDIUM |
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | |||||
CVE-2021-39929 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2022-10-16 | 5.0 MEDIUM | 7.5 HIGH |
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||||
CVE-2022-27810 | 1 Facebook | 1 Hermes | 2022-10-11 | N/A | 7.5 HIGH |
It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0. |