Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-5839

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Feb, 2017 | 15:00
Updated At-05 Aug, 2024 | 15:11
Rejected At-
Credits

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Feb, 2017 | 15:00
Updated At:05 Aug, 2024 | 15:11
Rejected At:
▼CVE Numbering Authority (CNA)

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/96001
vdb-entry
x_refsource_BID
http://www.debian.org/security/2017/dsa-3819
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2060
vendor-advisory
x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2017/02/02/9
mailing-list
x_refsource_MLIST
https://bugzilla.gnome.org/show_bug.cgi?id=777265
x_refsource_CONFIRM
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201705-10
vendor-advisory
x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2017/02/01/7
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/96001
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2017/dsa-3819
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2060
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/02/9
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://bugzilla.gnome.org/show_bug.cgi?id=777265
Resource:
x_refsource_CONFIRM
Hyperlink: https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.gentoo.org/glsa/201705-10
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/01/7
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/96001
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2017/dsa-3819
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:2060
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.openwall.com/lists/oss-security/2017/02/02/9
mailing-list
x_refsource_MLIST
x_transferred
https://bugzilla.gnome.org/show_bug.cgi?id=777265
x_refsource_CONFIRM
x_transferred
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
x_refsource_CONFIRM
x_transferred
https://security.gentoo.org/glsa/201705-10
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.openwall.com/lists/oss-security/2017/02/01/7
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/96001
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2017/dsa-3819
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2060
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/02/9
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://bugzilla.gnome.org/show_bug.cgi?id=777265
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201705-10
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/01/7
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Feb, 2017 | 15:59
Updated At:20 Apr, 2025 | 01:37

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

gstreamer_project
gstreamer_project
>>gstreamer>>Versions up to 1.10.2(inclusive)
cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-674Primarynvd@nist.gov
CWE ID: CWE-674
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.debian.org/security/2017/dsa-3819cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2017/02/01/7cve@mitre.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/02/9cve@mitre.org
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96001cve@mitre.org
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2060cve@mitre.org
N/A
https://bugzilla.gnome.org/show_bug.cgi?id=777265cve@mitre.org
Issue Tracking
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3cve@mitre.org
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/201705-10cve@mitre.org
N/A
http://www.debian.org/security/2017/dsa-3819af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2017/02/01/7af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/02/9af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96001af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2060af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.gnome.org/show_bug.cgi?id=777265af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/201705-10af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.debian.org/security/2017/dsa-3819
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/01/7
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/02/9
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/96001
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2060
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.gnome.org/show_bug.cgi?id=777265
Source: cve@mitre.org
Resource:
Issue Tracking
Hyperlink: https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201705-10
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2017/dsa-3819
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/01/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/02/9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/96001
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2060
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.gnome.org/show_bug.cgi?id=777265
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201705-10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

81Records found

CVE-2020-25219
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 78.11%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 20:30
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

Action-Not Available
Vendor-libproxy_projectn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlibproxyfedoraleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-10089
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.89%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 16:27
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother,

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-9192
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.80%
||
7 Day CHG~0.00%
Published-26 Feb, 2019 | 18:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-8961
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 14:20
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition.

Action-Not Available
Vendor-flexeran/a
Product-flexnet_publishern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-20819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:47
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-20815
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:38
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-18854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.35%
||
7 Day CHG~0.00%
Published-11 Nov, 2019 | 14:36
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.

Action-Not Available
Vendor-10upn/a
Product-safe_svgn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-18936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.10%
||
7 Day CHG~0.00%
Published-21 Mar, 2020 | 00:08
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error.

Action-Not Available
Vendor-bloqn/a
Product-univaluen/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-16163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.95%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 15:38
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

Action-Not Available
Vendor-oniguruma_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxonigurumadebian_linuxfedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-15542
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.77%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 17:10
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.

Action-Not Available
Vendor-ammonia_projectn/a
Product-ammonian/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-14235
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.54% / 88.73%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 14:34
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

Action-Not Available
Vendor-n/aDjangoopenSUSE
Product-djangoleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-28773
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.52%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.

Action-Not Available
Vendor-SAP SE
Product-netweaverweb_dispatcherSAP NetWeaver (Internet Communication Manager)SAP Web Dispatcher
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.00%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 19:18
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2).

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windowsfoxit_readern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-12212
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 15:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

Action-Not Available
Vendor-freeimage_projectn/a
Product-freeimagen/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.47%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 14:48
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling.

Action-Not Available
Vendor-n/aMotorola Mobility LLC. (Lenovo Group Limited)
Product-cx2l_mwr04l_firmwarecx2l_mwr04ln/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.00%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 19:29
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windowsfoxit_readern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-12295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.24% / 83.89%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 11:56
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

Action-Not Available
Vendor-n/aCanonical Ltd.Wireshark FoundationF5, Inc.Debian GNU/Linux
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_local_traffic_managerbig-ip_domain_name_systemwiresharkbig-ip_application_security_managerbig-ip_edge_gatewaydebian_linuxbig-ip_link_controllerbig-ip_access_policy_managerbig-ip_advanced_firewall_managern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-11413
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.00%
||
7 Day CHG~0.00%
Published-21 Apr, 2019 | 19:14
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-mujsn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2018-16452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.63%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:58
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-0001
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.18%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 21:00
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd).

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.Fedora Project
Product-junosfedoraJunos OS
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2018-6003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 80.87%
||
7 Day CHG~0.00%
Published-22 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNUFedora Project
Product-debian_linuxlibtasn1fedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2018-20796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.05% / 83.14%
||
7 Day CHG~0.00%
Published-26 Feb, 2019 | 02:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

Action-Not Available
Vendor-n/aNetApp, Inc.GNU
Product-glibcontap_select_deploy_administration_utilitycloud_backupsteelstore_cloud_integrated_storagen/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2018-16300
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 78.38%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:52
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-43172
Matching Score-4
Assigner-NLnet Labs
ShareView Details
Matching Score-4
Assigner-NLnet Labs
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.50%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 16:41
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite length chain of RRDP repositories

NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.

Action-Not Available
Vendor-nlnetlabsNLnet Labs
Product-routinatorRoutinator
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-42717
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.22% / 83.81%
||
7 Day CHG+0.59%
Published-07 Dec, 2021 | 21:08
Updated-03 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.

Action-Not Available
Vendor-owasptrustwaven/aF5, Inc.Debian GNU/LinuxOracle Corporation
Product-debian_linuxhttp_serverzfs_storage_appliance_kitnginx_modsecurity_wafmodsecurityn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-9729
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.62%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression.

Action-Not Available
Vendor-uclibcn/a
Product-uclibcn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-9304
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.55%
||
7 Day CHG~0.00%
Published-31 May, 2017 | 03:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.

Action-Not Available
Vendor-virustotaln/a
Product-yaran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-9438
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.92%
||
7 Day CHG~0.00%
Published-05 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.

Action-Not Available
Vendor-virustotaln/a
Product-yaran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-38569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 2.82%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 21:14
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdffoxit_readern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-27432
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.77%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 15:20
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

Action-Not Available
Vendor-opcfoundationn/a
Product-ua_.net_standard_stackua-.net-legacyOPC Foundation OPC UA .NET Standard and OPC UA .NET Legacy
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-28040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.98%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.

Action-Not Available
Vendor-ossecn/a
Product-ossecn/a
CWE ID-CWE-674
Uncontrolled Recursion
  • Previous
  • 1
  • 2
  • Next
Details not found