Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-674
Total 177 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20819 1 Foxitsoftware 2 Phantompdf, Reader 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.
CVE-2020-13164 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
CVE-2019-20815 1 Foxitsoftware 1 Phantompdf 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.
CVE-2019-9543 1 Freedesktop 1 Poppler 2021-07-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
CVE-2020-11647 3 Debian, Opensuse, Wireshark 3 Debian Linux, Leap, Wireshark 2021-07-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
CVE-2018-0739 3 Canonical, Debian, Openssl 3 Ubuntu Linux, Debian Linux, Openssl 2021-07-20 4.3 MEDIUM 6.5 MEDIUM
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
CVE-2021-36154 1 Linuxfoundation 1 Grpc Swift 2021-07-13 5.0 MEDIUM 7.5 HIGH
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.
CVE-2018-6003 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Libtasn1 2021-06-29 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
CVE-2021-28210 1 Tianocore 1 Edk2 2021-06-24 4.6 MEDIUM 7.8 HIGH
An unlimited recursion in DxeCore in EDK II.
CVE-2021-30471 3 Fedoraproject, Podofo Project, Redhat 3 Fedora, Podofo, Enterprise Linux 2021-06-08 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
CVE-2021-30470 3 Fedoraproject, Podofo Project, Redhat 3 Fedora, Podofo, Enterprise Linux 2021-06-07 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
CVE-2021-27432 1 Opcfoundation 2 Ua-.net-legacy, Ua .net Standard Stack 2021-06-01 5.0 MEDIUM 7.5 HIGH
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
CVE-2021-29615 1 Google 1 Tensorflow 2021-05-18 2.1 LOW 5.5 MEDIUM
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion by giving in a specially crafted input. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2017-9438 1 Virustotal 1 Yara 2021-05-06 5.0 MEDIUM 7.5 HIGH
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
CVE-2019-18853 1 Imagemagick 1 Imagemagick 2021-04-28 4.3 MEDIUM 6.5 MEDIUM
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2021-21359 1 Typo3 1 Typo3 2021-03-26 5.0 MEDIUM 7.5 HIGH
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.
CVE-2020-1898 1 Facebook 1 Hhvm 2021-03-17 5.0 MEDIUM 7.5 HIGH
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
CVE-2021-28040 1 Ossec 1 Ossec 2021-03-09 5.0 MEDIUM 7.5 HIGH
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.
CVE-2017-11164 1 Pcre 1 Pcre 2021-02-25 7.8 HIGH 7.5 HIGH
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
CVE-2020-12100 2 Debian, Dovecot 2 Debian Linux, Dovecot 2021-01-06 5.0 MEDIUM 7.5 HIGH
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.