Total
279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1492 | 1 Wireshark | 1 Wireshark | 2025-04-10 | N/A | 7.8 HIGH |
| Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2024-25111 | 3 Fedoraproject, Netapp, Squid-cache | 3 Fedora, Bluexp, Squid | 2025-04-10 | N/A | 8.6 HIGH |
| Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue. | |||||
| CVE-2022-47662 | 1 Gpac | 1 Gpac | 2025-04-10 | N/A | 5.5 MEDIUM |
| GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662 | |||||
| CVE-2023-29001 | 1 Contiki-ng | 1 Contiki-ng | 2025-04-10 | N/A | 7.5 HIGH |
| Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming packet should be forwarded to another host. Because of missing validation of the resulting next-hop address, an uncontrolled recursion may occur in the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module when receiving a packet with a next-hop address that is a local address. Attackers that have the possibility to send IPv6 packets to the Contiki-NG host can therefore trigger deeply nested recursive calls, which can cause a stack overflow. The vulnerability has not been patched in the current release of Contiki-NG, but is expected to be patched in the next release. The problem can be fixed by applying the patch in Contiki-NG pull request #2264. Users are advised to either apply the patch manually or to wait for the next release. There are no known workarounds for this vulnerability. | |||||
| CVE-2007-3409 | 3 Canonical, Debian, Net-dns | 3 Ubuntu Linux, Debian Linux, Net\ | 2025-04-09 | 4.3 MEDIUM | 7.5 HIGH |
| Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | |||||
| CVE-2007-1285 | 5 Canonical, Novell, Php and 2 more | 7 Ubuntu Linux, Suse Linux, Php and 4 more | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | |||||
| CVE-2023-22617 | 1 Powerdns | 1 Recursor | 2025-04-03 | N/A | 7.5 HIGH |
| A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1. | |||||
| CVE-2022-37034 | 1 Dotcms | 1 Dotcms | 2025-03-27 | N/A | 5.3 MEDIUM |
| In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. | |||||
| CVE-2024-58103 | 2025-03-16 | N/A | 5.8 MEDIUM | ||
| Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt. | |||||
| CVE-2024-58102 | 2025-03-11 | N/A | 5.7 MEDIUM | ||
| An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions. | |||||
| CVE-2021-36395 | 1 Moodle | 1 Moodle | 2025-03-07 | N/A | 7.5 HIGH |
| In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | |||||
| CVE-2020-36691 | 1 Linux | 1 Linux Kernel | 2025-02-21 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | |||||
| CVE-2024-57257 | 2025-02-19 | N/A | 2.0 LOW | ||
| A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. | |||||
| CVE-2023-1370 | 1 Json-smart Project | 1 Json-smart | 2025-02-13 | N/A | 7.5 HIGH |
| [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. | |||||
| CVE-2024-57699 | 2025-02-06 | N/A | 7.5 HIGH | ||
| A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370. | |||||
| CVE-2023-31893 | 1 Telefonica | 2 Brasil Vivo Play, Brasil Vivo Play Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. | |||||
| CVE-2024-3247 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 2.9 LOW |
| In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow. | |||||
| CVE-2024-3248 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 2.9 LOW |
| In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow. | |||||
| CVE-2024-4568 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 2.9 LOW |
| In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. | |||||
| CVE-2023-2663 | 1 Xpdfreader | 1 Xpdf | 2025-01-24 | N/A | 2.9 LOW |
| In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | |||||