CWE:

Topic: SAP Netweaver Enqueue Server Trace Pattern Denial Of Service
Date: 17.10.2014
Author: CORE
Severity: Med.


CVEMAP Search Results
CVE-2021-42717
Date: 2021-12-07
Severity: Medium
Vendor: Trustwave
Software: Modsecurity
Description: ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.

CVE-2021-39929
Date: 2021-11-19
Severity: Medium
Vendor: Wireshark
Software: Wireshark
Description: Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or a crafted capture file.

CVE-2021-43172
Date: 2021-11-09
Severity: Medium
Vendor: Nlnetlabs
Software: Routinator
Description: NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length, causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serving any data at all.

CVE-2021-22454
Date: 2021-10-28
Severity: Low
Vendor: Huawei
Software: Harmonyos
Description: A component of HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause a core dump.

CVE-2021-38569
Date: 2021-08-11
Severity: Medium
Vendor: Foxitsoftware
Software: Foxit reader
Description: An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

CVE-2021-36154
Date: 2021-07-09
Severity: Medium
Vendor: Linuxfoundation
Software: Grpc swift
Description: HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.

CVE-2021-28903
Date: 2021-05-20
Severity: Medium
Vendor: Cesnet
Software: Libyang
Description: A stack overflow in libyang <= v1.0.225 can cause a denial of service through the function lyxml_parse_mem(). The lyxml_parse_elem() function is called recursively, which consumes stack space and leads to a crash.

CVE-2021-29615
Date: 2021-05-14
Severity: Low
Vendor: Google
Software: Tensorflow
Description: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue` (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into a stack overflow due to recursion by providing a specially crafted input. The fix will be included in TensorFlow 2.5.0. We will also cherry-pick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

CVE-2020-1898
Date: 2021-03-11
Severity: Medium
Vendor: Facebook
Software: HHVM
Description: The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.

CVE-2021-28040
Date: 2021-03-05
Severity: Medium
Vendor: Ossec
Software: Ossec
Description: An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.

Copyright 2022, cxsecurity.com

 
