Total
244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37315 | 1 Graphql-go Project | 1 Graphql-go | 2022-08-05 | N/A | 7.5 HIGH |
| graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. | |||||
| CVE-2019-10761 | 1 Vm2 Project | 1 Vm2 | 2022-07-21 | N/A | 8.3 HIGH |
| This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code. | |||||
| CVE-2021-38566 | 1 Foxitsoftware | 2 Pdf Editor, Pdf Reader | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes. | |||||
| CVE-2022-31099 | 1 Pomsky-lang | 1 Pomsky | 2022-07-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue. | |||||
| CVE-2020-36366 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-36368 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-36370 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-36371 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-36369 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-36372 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-36375 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-36367 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-36374 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-36373 | 1 Cesanta | 1 Mjs | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2021-42697 | 1 Akka | 1 Http Server | 2022-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. | |||||
| CVE-2020-6071 | 2 Debian, Videolabs | 2 Debian Linux, Libmicrodns | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | |||||
| CVE-2021-22144 | 2 Elastic, Oracle | 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite | 2022-05-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node. | |||||
| CVE-2020-12243 | 8 Apple, Broadcom, Canonical and 5 more | 26 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 23 more | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | |||||
| CVE-2020-13800 | 3 Canonical, Opensuse, Qemu | 3 Ubuntu Linux, Leap, Qemu | 2022-04-28 | 4.9 MEDIUM | 6.0 MEDIUM |
| ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | |||||
| CVE-2021-29591 | 1 Google | 1 Tensorflow | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be replaced by stack overflow due to too many recursive calls. For example, the `While` implementation(https://github.com/tensorflow/tensorflow/blob/106d8f4fb89335a2c52d7c895b7a7485465ca8d9/tensorflow/lite/kernels/while.cc) could be tricked into a scneario where both the body and the loop subgraphs are the same. Evaluating one of the subgraphs means calling the `Eval` function for the other and this quickly exhaust all stack space. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. Please consult our security guide(https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. | |||||