Vulnerabilities (CVE)

Filtered by CWE-674
Total 271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24472 1 Openimageio 1 Openimageio 2024-11-21 N/A 7.5 HIGH
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.
CVE-2023-1436 1 Jettison Project 1 Jettison 2024-11-21 N/A 5.9 MEDIUM
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
CVE-2022-48545 1 Xpdfreader 1 Xpdf 2024-11-21 N/A 5.5 MEDIUM
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
CVE-2022-47374 1 Siemens 18 6ag1414-3em07-7ab0, 6ag1414-3em07-7ab0 Firmware, 6ag1416-3es07-7ab0 and 15 more 2024-11-21 N/A 7.5 HIGH
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.
CVE-2022-42321 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 N/A 6.5 MEDIUM
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.
CVE-2022-41881 2 Debian, Netty 2 Debian Linux, Netty 2024-11-21 N/A 5.3 MEDIUM
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CVE-2022-40150 2 Debian, Jettison Project 2 Debian Linux, Jettison 2024-11-21 N/A 6.5 MEDIUM
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
CVE-2022-3222 1 Gpac 1 Gpac 2024-11-21 N/A 5.5 MEDIUM
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-3216 1 Nintendo 2 Game Boy Color, Game Boy Color Firmware 2024-11-21 N/A 5.0 MEDIUM
A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This vulnerability affects unknown code of the component Mobile Adapter GB. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-208606 is the identifier assigned to this vulnerability.
CVE-2022-38334 1 Xpdfreader 1 Xpdf 2024-11-21 N/A 5.5 MEDIUM
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
CVE-2022-37315 1 Graphql-go Project 1 Graphql-go 2024-11-21 N/A 7.5 HIGH
graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser.
CVE-2022-31173 1 Juniper Project 1 Juniper 2024-11-21 N/A 7.5 HIGH
Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually.
CVE-2022-31099 1 Pomsky-lang 1 Pomsky 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue.
CVE-2022-31052 2 Fedoraproject, Matrix 2 Fedora, Synapse 2024-11-21 3.5 LOW 6.5 MEDIUM
Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false.
CVE-2022-31019 1 Vapor 1 Vapor 2024-11-21 5.0 MEDIUM 7.5 HIGH
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1.
CVE-2022-30974 3 Artifex, Debian, Fedoraproject 3 Mujs, Debian Linux, Fedora 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
CVE-2022-30635 1 Golang 1 Go 2024-11-21 N/A 7.5 HIGH
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
CVE-2022-30633 1 Golang 1 Go 2024-11-21 N/A 7.5 HIGH
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
CVE-2022-30632 1 Golang 1 Go 2024-11-21 N/A 7.5 HIGH
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
CVE-2022-30631 1 Golang 1 Go 2024-11-21 N/A 7.5 HIGH
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.