Total
333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1370 | 2 Json-smart Project, Redhat | 9 Json-smart, Amq Clients, Amq Streams and 6 more | 2025-02-27 | 7.5 High |
| [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. | ||||
| CVE-2023-1436 | 2 Jettison Project, Redhat | 9 Jettison, Camel Quarkus, Camel Spring Boot and 6 more | 2025-02-26 | 5.9 Medium |
| An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. | ||||
| CVE-2020-36691 | 1 Linux | 1 Linux Kernel | 2025-02-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | ||||
| CVE-2023-24472 | 1 Openimageio | 1 Openimageio | 2025-02-13 | 7.5 High |
| A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. | ||||
| CVE-2024-57699 | 1 Redhat | 4 Apache Camel Hawtio, Apache Camel Spring Boot, Camel Quarkus and 1 more | 2025-02-06 | 7.5 High |
| A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370. | ||||
| CVE-2023-31893 | 1 Telefonica | 2 Brasil Vivo Play, Brasil Vivo Play Firmware | 2025-01-31 | 7.5 High |
| Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. | ||||
| CVE-2024-3247 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | 2.9 Low |
| In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow. | ||||
| CVE-2024-3248 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | 2.9 Low |
| In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow. | ||||
| CVE-2024-4568 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | 2.9 Low |
| In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. | ||||
| CVE-2023-2663 | 1 Xpdfreader | 1 Xpdf | 2025-01-24 | 2.9 Low |
| In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | ||||
| CVE-2023-2664 | 1 Xpdfreader | 1 Xpdf | 2025-01-23 | 2.9 Low |
| In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | ||||
| CVE-2023-47163 | 1 Remarshal Project | 1 Remarshal | 2025-01-08 | 7.5 High |
| Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition. | ||||
| CVE-2024-54731 | 2025-01-08 | 4 Medium | ||
| cpdf through 2.8 allows stack consumption via a crafted PDF document. | ||||
| CVE-2024-49363 | 2024-12-19 | 7.4 High | ||
| Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed denial-of-service via a maliciously crafted note. FileServerService.prototype.proxyHandler did not check incoming requests are not coming from another proxy server. An attacker can execute an amplified denial-of-service by sending a nested proxy request to the server and end the request with a malicious redirect back to another nested proxy request. Leading to unbounded recursion until the original request is timed out. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. Users unable to upgrade may configure the reverse proxy to block requests to the proxy with an empty User-Agent header or one containing Misskey/. An attacker can not effectively modify the User-Agent header without making another request to the server. | ||||
| CVE-2023-2990 | 1 Globalscape | 1 Eft Server | 2024-12-04 | 7.5 High |
| Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service | ||||
| CVE-2023-36632 | 1 Python | 1 Python | 2024-11-27 | 7.5 High |
| The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. | ||||
| CVE-2024-4340 | 1 Redhat | 5 Ansible Automation Platform, Openstack, Rhui and 2 more | 2024-11-21 | 7.5 High |
| Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. | ||||
| CVE-2024-34158 | 2 Go Build Constraint, Redhat | 11 Go Standard Library, Cryostat, Enterprise Linux and 8 more | 2024-11-21 | 7.5 High |
| Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | ||||
| CVE-2024-34156 | 2 Go Standard Library, Redhat | 19 Encoding\/gob, Advanced Cluster Security, Ceph Storage and 16 more | 2024-11-21 | 7.5 High |
| Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. | ||||
| CVE-2024-34155 | 1 Redhat | 15 Ceph Storage, Cost Management, Cryostat and 12 more | 2024-11-21 | 4.3 Medium |
| Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. | ||||