Total
253 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15118 | 5 Canonical, Debian, Linux and 2 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. | |||||
CVE-2019-14235 | 2 Djangoproject, Opensuse | 2 Django, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. | |||||
CVE-2019-11779 | 5 Canonical, Debian, Eclipse and 2 more | 6 Ubuntu Linux, Debian Linux, Mosquitto and 3 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | |||||
CVE-2019-15144 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. | |||||
CVE-2019-1010182 | 1 Yaml-rust Project | 1 Yaml-rust | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later. | |||||
CVE-2019-13129 | 1 Motorola | 2 Cx2l Mwr04l, Cx2l Mwr04l Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. | |||||
CVE-2019-13103 | 1 Denx | 1 U-boot | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. | |||||
CVE-2018-20821 | 1 Sass-lang | 1 Libsass | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | |||||
CVE-2019-9904 | 1 Graphviz | 1 Graphviz | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | |||||
CVE-2018-20994 | 1 Trust-dns-proto Project | 1 Trust-dns-proto | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. | |||||
CVE-2019-16088 | 1 Glyphandcog | 1 Xpdfreader | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | |||||
CVE-2019-13288 | 1 Glyphandcog | 1 Xpdfreader | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. | |||||
CVE-2019-1010183 | 1 Serde-yaml Project | 1 Serde-yaml | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later. | |||||
CVE-2019-13955 | 1 Mikrotik | 1 Routeros | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected. | |||||
CVE-2019-12213 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. | |||||
CVE-2019-11026 | 2 Fedoraproject, Freedesktop | 2 Fedora, Poppler | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. | |||||
CVE-2019-12295 | 4 Canonical, Debian, F5 and 1 more | 16 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 13 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. | |||||
CVE-2018-18020 | 1 Qpdf Project | 1 Qpdf | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file. | |||||
CVE-2019-6291 | 1 Nasm | 1 Netwide Assembler | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. | |||||
CVE-2018-18484 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. |