Total
244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11597 | 1 Espruino | 1 Espruino | 2022-10-03 | N/A |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c. | ||||
| CVE-2018-11254 | 1 Podofo Project | 1 Podofo | 2022-10-03 | N/A |
| An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054. | ||||
| CVE-2019-6292 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2022-10-03 | N/A |
| An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file. | ||||
| CVE-2019-6290 | 1 Nasm | 1 Netwide Assembler | 2022-10-03 | N/A |
| An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. | ||||
| CVE-2019-6291 | 1 Nasm | 1 Netwide Assembler | 2022-10-03 | N/A |
| An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. | ||||
| CVE-2019-6285 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2022-10-03 | N/A |
| The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | ||||
| CVE-2021-3530 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2022-09-28 | 7.5 High |
| A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. | ||||
| CVE-2021-42717 | 4 Debian, F5, Oracle and 1 more | 5 Debian Linux, Nginx Modsecurity Waf, Http Server and 2 more | 2022-09-03 | 7.5 High |
| ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4. | ||||
| CVE-2021-20255 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-08-05 | 5.5 Medium |
| A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2022-37315 | 1 Graphql-go Project | 1 Graphql-go | 2022-08-05 | 7.5 High |
| graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. | ||||
| CVE-2019-10761 | 1 Vm2 Project | 1 Vm2 | 2022-07-21 | 8.3 High |
| This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code. | ||||
| CVE-2021-38566 | 1 Foxitsoftware | 2 Pdf Editor, Pdf Reader | 2022-07-12 | 7.5 High |
| An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes. | ||||
| CVE-2022-31099 | 1 Pomsky-lang | 1 Pomsky | 2022-07-11 | 6.5 Medium |
| rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue. | ||||
| CVE-2020-36369 | 1 Cesanta | 1 Mjs | 2022-06-28 | 5.5 Medium |
| Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36366 | 1 Cesanta | 1 Mjs | 2022-06-28 | 5.5 Medium |
| Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36367 | 1 Cesanta | 1 Mjs | 2022-06-28 | 5.5 Medium |
| Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36368 | 1 Cesanta | 1 Mjs | 2022-06-28 | 5.5 Medium |
| Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36370 | 1 Cesanta | 1 Mjs | 2022-06-28 | 5.5 Medium |
| Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36371 | 1 Cesanta | 1 Mjs | 2022-06-28 | 5.5 Medium |
| Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-36372 | 1 Cesanta | 1 Mjs | 2022-06-28 | 5.5 Medium |
| Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||