Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-5839

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Feb, 2017 | 15:00
Updated At-05 Aug, 2024 | 15:11
Rejected At-
Credits

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Feb, 2017 | 15:00
Updated At:05 Aug, 2024 | 15:11
Rejected At:
▼CVE Numbering Authority (CNA)

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/96001
vdb-entry
x_refsource_BID
http://www.debian.org/security/2017/dsa-3819
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2060
vendor-advisory
x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2017/02/02/9
mailing-list
x_refsource_MLIST
https://bugzilla.gnome.org/show_bug.cgi?id=777265
x_refsource_CONFIRM
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201705-10
vendor-advisory
x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2017/02/01/7
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/96001
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2017/dsa-3819
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2060
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/02/9
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://bugzilla.gnome.org/show_bug.cgi?id=777265
Resource:
x_refsource_CONFIRM
Hyperlink: https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.gentoo.org/glsa/201705-10
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/01/7
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/96001
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2017/dsa-3819
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:2060
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.openwall.com/lists/oss-security/2017/02/02/9
mailing-list
x_refsource_MLIST
x_transferred
https://bugzilla.gnome.org/show_bug.cgi?id=777265
x_refsource_CONFIRM
x_transferred
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
x_refsource_CONFIRM
x_transferred
https://security.gentoo.org/glsa/201705-10
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.openwall.com/lists/oss-security/2017/02/01/7
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/96001
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2017/dsa-3819
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2060
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/02/9
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://bugzilla.gnome.org/show_bug.cgi?id=777265
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201705-10
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/01/7
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Feb, 2017 | 15:59
Updated At:20 Apr, 2025 | 01:37

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

gstreamer_project
gstreamer_project
>>gstreamer>>Versions up to 1.10.2(inclusive)
cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-674Primarynvd@nist.gov
CWE ID: CWE-674
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.debian.org/security/2017/dsa-3819cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2017/02/01/7cve@mitre.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/02/9cve@mitre.org
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96001cve@mitre.org
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2060cve@mitre.org
N/A
https://bugzilla.gnome.org/show_bug.cgi?id=777265cve@mitre.org
Issue Tracking
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3cve@mitre.org
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/201705-10cve@mitre.org
N/A
http://www.debian.org/security/2017/dsa-3819af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2017/02/01/7af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/02/9af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96001af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2060af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.gnome.org/show_bug.cgi?id=777265af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/201705-10af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.debian.org/security/2017/dsa-3819
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/01/7
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/02/9
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/96001
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2060
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.gnome.org/show_bug.cgi?id=777265
Source: cve@mitre.org
Resource:
Issue Tracking
Hyperlink: https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201705-10
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2017/dsa-3819
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/01/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2017/02/02/9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/96001
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2060
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.gnome.org/show_bug.cgi?id=777265
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201705-10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

81Records found

CVE-2021-36154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.90%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 11:02
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-grpc_swiftn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-36773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.08% / 76.99%
||
7 Day CHG~0.00%
Published-18 Jul, 2021 | 03:34
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

Action-Not Available
Vendor-scirubyumatrix_projectublockoriginn/aDebian GNU/Linux
Product-ublock_originumatrixdebian_linuxnmatrixn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-3530
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.90%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 14:31
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Action-Not Available
Vendor-n/aNetApp, Inc.GNU
Product-ontap_select_deploy_administration_utilitybinutilsbinutils
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-10704
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.93% / 92.25%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 00:00
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Action-Not Available
Vendor-Debian GNU/LinuxopenSUSESambaFedora ProjectRed Hat, Inc.
Product-sambadebian_linuxfedoraleapsamba
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-12100
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.79% / 90.94%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 15:07
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxfedoradovecotn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2016-9597
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.33% / 79.12%
||
7 Day CHG~0.00%
Published-30 Jul, 2018 | 14:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

Action-Not Available
Vendor-Canonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-ubuntu_linuxdebian_linuxlibxml2icewall_file_managericewall_federation_agentleaplibxml2
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42717
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.22% / 83.82%
||
7 Day CHG+0.59%
Published-07 Dec, 2021 | 21:08
Updated-03 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.

Action-Not Available
Vendor-owasptrustwaven/aF5, Inc.Debian GNU/LinuxOracle Corporation
Product-debian_linuxhttp_serverzfs_storage_appliance_kitnginx_modsecurity_wafmodsecurityn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-18854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.35%
||
7 Day CHG~0.00%
Published-11 Nov, 2019 | 14:36
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.

Action-Not Available
Vendor-10upn/a
Product-safe_svgn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-10089
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.91%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 16:27
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother,

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-9192
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.82%
||
7 Day CHG~0.00%
Published-26 Feb, 2019 | 18:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-8961
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.58%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 14:20
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition.

Action-Not Available
Vendor-flexeran/a
Product-flexnet_publishern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-18936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.10%
||
7 Day CHG~0.00%
Published-21 Mar, 2020 | 00:08
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error.

Action-Not Available
Vendor-bloqn/a
Product-univaluen/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-16163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.98%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 15:38
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

Action-Not Available
Vendor-oniguruma_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxonigurumadebian_linuxfedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-15542
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.78%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 17:10
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.

Action-Not Available
Vendor-ammonia_projectn/a
Product-ammonian/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-14235
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.54% / 88.74%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 14:34
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

Action-Not Available
Vendor-n/aDjangoopenSUSE
Product-djangoleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2016-3627
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.24%
||
7 Day CHG+0.09%
Published-17 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

Action-Not Available
Vendor-n/aOracle CorporationCanonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-icewall_file_managerenterprise_linux_serverenterprise_linux_server_aussolarislibxml2enterprise_linux_eusleapicewall_federation_agentubuntu_linuxenterprise_linux_desktopjboss_core_servicesvm_serverenterprise_linux_workstationdebian_linuxn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.49%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 14:48
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling.

Action-Not Available
Vendor-n/aMotorola Mobility LLC. (Lenovo Group Limited)
Product-cx2l_mwr04l_firmwarecx2l_mwr04ln/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2016-10707
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.09%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 23:00
Updated-06 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

Action-Not Available
Vendor-n/ajQuery (OpenJS Foundation)
Product-jqueryn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 19:18
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2).

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windowsfoxit_readern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 19:29
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windowsfoxit_readern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-11937
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.67%
||
7 Day CHG~0.00%
Published-04 Dec, 2019 | 16:00
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service.

Action-Not Available
Vendor-Facebook
Product-mcrouterMcrouter
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-11413
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.02%
||
7 Day CHG~0.00%
Published-21 Apr, 2019 | 19:14
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-mujsn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-27432
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.78%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 15:20
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

Action-Not Available
Vendor-opcfoundationn/a
Product-ua_.net_standard_stackua-.net-legacyOPC Foundation OPC UA .NET Standard and OPC UA .NET Legacy
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-28903
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 75.12%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 18:36
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.

Action-Not Available
Vendor-cesnetn/a
Product-libyangn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-12212
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.92%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 15:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

Action-Not Available
Vendor-freeimage_projectn/a
Product-freeimagen/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-12295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.24% / 83.90%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 11:56
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

Action-Not Available
Vendor-n/aCanonical Ltd.Wireshark FoundationF5, Inc.Debian GNU/Linux
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_local_traffic_managerbig-ip_domain_name_systemwiresharkbig-ip_application_security_managerbig-ip_edge_gatewaydebian_linuxbig-ip_link_controllerbig-ip_access_policy_managerbig-ip_advanced_firewall_managern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-28040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.00%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.

Action-Not Available
Vendor-ossecn/a
Product-ossecn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-20819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.64%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:47
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-0001
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.18%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 21:00
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd).

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.Fedora Project
Product-junosfedoraJunos OS
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2018-8015
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-4.15% / 88.20%
||
7 Day CHG~0.00%
Published-18 May, 2018 | 17:00
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.

Action-Not Available
Vendor-The Apache Software Foundation
Product-orcApache ORC
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2018-6003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 80.87%
||
7 Day CHG~0.00%
Published-22 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNUFedora Project
Product-debian_linuxlibtasn1fedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
  • Previous
  • 1
  • 2
  • Next
Details not found