Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-674
Total 177 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12243 8 Apple, Broadcom, Canonical and 5 more 26 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 23 more 2022-04-29 5.0 MEDIUM 7.5 HIGH
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVE-2020-13800 3 Canonical, Opensuse, Qemu 3 Ubuntu Linux, Leap, Qemu 2022-04-28 4.9 MEDIUM 6.0 MEDIUM
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
CVE-2020-25219 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-04-28 5.0 MEDIUM 7.5 HIGH
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
CVE-2021-29591 1 Google 1 Tensorflow 2022-04-25 4.6 MEDIUM 7.8 HIGH
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be replaced by stack overflow due to too many recursive calls. For example, the `While` implementation(https://github.com/tensorflow/tensorflow/blob/106d8f4fb89335a2c52d7c895b7a7485465ca8d9/tensorflow/lite/kernels/while.cc) could be tricked into a scneario where both the body and the loop subgraphs are the same. Evaluating one of the subgraphs means calling the `Eval` function for the other and this quickly exhaust all stack space. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. Please consult our security guide(https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
CVE-2019-19645 5 Netapp, Oracle, Siemens and 2 more 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more 2022-04-15 2.1 LOW 5.5 MEDIUM
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CVE-2022-23974 1 Apache 1 Pinot 2022-04-15 5.0 MEDIUM 7.5 HIGH
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0
CVE-2021-28903 1 Cesnet 1 Libyang 2022-04-05 5.0 MEDIUM 7.5 HIGH
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
CVE-2019-15144 5 Canonical, Debian, Djvulibre Project and 2 more 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more 2022-03-29 4.3 MEDIUM 5.5 MEDIUM
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2022-23606 1 Envoyproxy 1 Envoy 2022-03-02 4.0 MEDIUM 6.5 MEDIUM
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade.
CVE-2022-23889 1 Yzmcms 1 Yzmcms 2022-02-03 5.0 MEDIUM 5.3 MEDIUM
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments.
CVE-2021-46195 1 Gnu 1 Gcc 2022-01-21 4.3 MEDIUM 5.5 MEDIUM
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
CVE-2020-16094 2 Claws-mail, Fedoraproject 2 Claws-mail, Fedora 2022-01-04 5.0 MEDIUM 7.5 HIGH
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
CVE-2019-9071 3 Canonical, Gnu, Netapp 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more 2021-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.
CVE-2020-29566 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2021-12-09 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability.
CVE-2020-15101 1 Schokokeks 1 Freewvs 2021-11-18 4.0 MEDIUM 3.3 LOW
In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. This has been patched in 0.1.1.
CVE-2019-11779 5 Canonical, Debian, Eclipse and 2 more 6 Ubuntu Linux, Debian Linux, Mosquitto and 3 more 2021-10-28 4.0 MEDIUM 6.5 MEDIUM
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
CVE-2021-38569 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2021-08-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.
CVE-2020-9861 1 Apple 1 Swift 2021-07-21 5.0 MEDIUM 7.5 HIGH
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.
CVE-2020-11647 3 Debian, Opensuse, Wireshark 3 Debian Linux, Leap, Wireshark 2021-07-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
CVE-2020-13164 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.