Total
225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-18797 | 1 Sass-lang | 1 Libsass | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. | |||||
CVE-2018-16452 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. | |||||
CVE-2019-11937 | 1 Facebook | 1 Mcrouter | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | |||||
CVE-2019-20395 | 1 Cesnet | 1 Libyang | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. | |||||
CVE-2019-18854 | 1 10up | 1 Safe Svg | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring. | |||||
CVE-2019-20198 | 1 Ezxml Project | 1 Ezxml | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. | |||||
CVE-2019-13123 | 2 Foxitsoftware, Microsoft | 2 Foxit Reader, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2). | |||||
CVE-2018-4002 | 1 Cujo | 2 Smart Firewall, Smart Firewall Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | |||||
CVE-2019-17450 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Binutils, Leap | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | |||||
CVE-2019-18853 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. | |||||
CVE-2018-16300 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. | |||||
CVE-2019-13955 | 1 Mikrotik | 1 Routeros | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected. | |||||
CVE-2019-13103 | 1 Denx | 1 U-boot | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. | |||||
CVE-2019-13288 | 1 Glyphandcog | 1 Xpdfreader | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. | |||||
CVE-2019-12213 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. | |||||
CVE-2019-11026 | 2 Fedoraproject, Freedesktop | 2 Fedora, Poppler | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. | |||||
CVE-2019-1010183 | 1 Serde-yaml Project | 1 Serde-yaml | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later. | |||||
CVE-2019-15144 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. | |||||
CVE-2019-11024 | 1 Libsixel Project | 1 Libsixel | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. | |||||
CVE-2019-12295 | 4 Canonical, Debian, F5 and 1 more | 16 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 13 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. |