Total
244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20334 | 1 Nasm | 1 Netwide Assembler | 2020-08-24 | 5.5 Medium |
| In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. | ||||
| CVE-2019-20198 | 1 Ezxml Project | 1 Ezxml | 2020-08-24 | 6.5 Medium |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. | ||||
| CVE-2019-13288 | 1 Glyphandcog | 1 Xpdfreader | 2020-08-24 | N/A |
| In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. | ||||
| CVE-2019-9143 | 1 Exiv2 | 1 Exiv2 | 2020-08-24 | N/A |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2018-18484 | 1 Gnu | 1 Binutils | 2020-08-24 | N/A |
| An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. | ||||
| CVE-2018-20993 | 1 Yaml-rust Project | 1 Yaml-rust | 2020-08-24 | N/A |
| An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. | ||||
| CVE-2019-13103 | 1 Denx | 1 U-boot | 2020-08-24 | 7.1 High |
| A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. | ||||
| CVE-2018-20994 | 1 Trust-dns-proto Project | 1 Trust-dns-proto | 2020-08-24 | N/A |
| An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. | ||||
| CVE-2019-16088 | 1 Glyphandcog | 1 Xpdfreader | 2020-08-24 | N/A |
| Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | ||||
| CVE-2019-15542 | 1 Ammonia Project | 1 Ammonia | 2020-08-24 | N/A |
| An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. | ||||
| CVE-2019-11937 | 1 Facebook | 1 Mcrouter | 2020-08-24 | 7.5 High |
| In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | ||||
| CVE-2019-12212 | 1 Freeimage Project | 1 Freeimage | 2020-08-24 | N/A |
| When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file. | ||||
| CVE-2019-13955 | 1 Mikrotik | 1 Routeros | 2020-08-24 | N/A |
| Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected. | ||||
| CVE-2019-13129 | 1 Motorola | 2 Cx2l Mwr04l, Cx2l Mwr04l Firmware | 2020-08-24 | N/A |
| On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. | ||||
| CVE-2019-18936 | 1 Bloq | 1 Univalue | 2020-08-24 | 7.5 High |
| UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error. | ||||
| CVE-2019-9144 | 1 Exiv2 | 1 Exiv2 | 2020-08-24 | N/A |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2020-9243 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2020-08-11 | 5.5 Medium |
| HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. The system does not properly limit the depth of recursion, an attacker should trick the user installing and execute a malicious application. Successful exploit could cause a denial of service condition. | ||||
| CVE-2020-5591 | 1 Xack | 1 Xack Dns | 2020-06-11 | 7.5 High |
| XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack. | ||||
| CVE-2018-21232 | 1 Re2c | 1 Re2c | 2020-05-14 | 5.5 Medium |
| re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags. | ||||
| CVE-2018-9138 | 1 Gnu | 1 Binutils | 2020-04-29 | N/A |
| An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. | ||||