Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-20213

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Jul, 2021 | 13:28
Updated At-04 Aug, 2024 | 14:15
Rejected At-
Credits

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Jul, 2021 | 13:28
Updated At:04 Aug, 2024 | 14:15
Rejected At:
ā–¼CVE Numbering Authority (CNA)

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://mikrotik.com/
x_refsource_MISC
http://seclists.org/fulldisclosure/2021/May/10
x_refsource_MISC
https://cwe.mitre.org/data/definitions/674.html
x_refsource_MISC
Hyperlink: https://mikrotik.com/
Resource:
x_refsource_MISC
Hyperlink: http://seclists.org/fulldisclosure/2021/May/10
Resource:
x_refsource_MISC
Hyperlink: https://cwe.mitre.org/data/definitions/674.html
Resource:
x_refsource_MISC
ā–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://mikrotik.com/
x_refsource_MISC
x_transferred
http://seclists.org/fulldisclosure/2021/May/10
x_refsource_MISC
x_transferred
https://cwe.mitre.org/data/definitions/674.html
x_refsource_MISC
x_transferred
Hyperlink: https://mikrotik.com/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/May/10
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://cwe.mitre.org/data/definitions/674.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Jul, 2021 | 14:15
Updated At:07 Nov, 2022 | 14:17

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches

MikroTik
mikrotik
>>routeros>>6.44.5
cpe:2.3:o:mikrotik:routeros:6.44.5:*:*:*:ltr:*:*:*
Weaknesses
CWE IDTypeSource
CWE-674Primarynvd@nist.gov
CWE ID: CWE-674
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2021/May/10cve@mitre.org
Mailing List
Third Party Advisory
https://cwe.mitre.org/data/definitions/674.htmlcve@mitre.org
Third Party Advisory
https://mikrotik.com/cve@mitre.org
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/May/10
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://cwe.mitre.org/data/definitions/674.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://mikrotik.com/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

65Records found

CVE-2019-13955
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.75% / 88.67%
||
7 Day CHG~0.00%
Published-26 Jul, 2019 | 12:13
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2018-1158
Matching Score-10
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-10
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.78%
||
7 Day CHG~0.00%
Published-23 Aug, 2018 | 19:00
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-36614
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.23% / 80.80%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:34
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-36613
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.23% / 80.80%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:34
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.17% / 86.59%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 18:21
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20266
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.10% / 79.60%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 11:20
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.17% / 86.59%
||
7 Day CHG-0.13%
Published-18 May, 2021 | 18:22
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20230
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.94% / 77.82%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 16:14
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-20212
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.88% / 77.11%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 13:27
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20211
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.11% / 79.67%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 13:26
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2020-20219
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.98% / 78.35%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 13:25
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20216
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.58% / 72.76%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 13:30
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20214
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.11% / 86.31%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 18:21
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2020-20246
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.74% / 84.48%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 19:11
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20265
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.11% / 79.71%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 14:25
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20253
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.10% / 79.60%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 13:51
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-369
Divide By Zero
CVE-2020-20250
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.71% / 74.79%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:59
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20237
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.81% / 84.95%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 18:22
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20227
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.08% / 86.22%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 19:10
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20217
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.00% / 78.52%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 11:39
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-20231
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.01% / 78.62%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 13:53
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20254
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.10% / 79.60%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 13:52
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20215
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.55% / 72.24%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 13:29
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20220
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.74% / 84.48%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 19:09
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-20262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.14% / 80.00%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 13:25
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2020-20267
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.71% / 74.83%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 14:25
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.91% / 85.42%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 13:49
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-20264
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.10% / 79.60%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 11:19
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-369
Divide By Zero
CVE-2020-20252
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.63% / 73.48%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 17:06
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.08% / 61.26%
||
7 Day CHG~0.00%
Published-03 May, 2021 | 15:13
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20225
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.04% / 78.94%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 13:31
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2020-20248
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.82% / 76.37%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 17:35
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-20249
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.75% / 75.40%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 17:27
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20245
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.74% / 84.48%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 19:14
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20218
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.96% / 78.03%
||
7 Day CHG~0.00%
Published-03 May, 2021 | 15:13
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36522
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.11% / 62.29%
||
7 Day CHG~0.00%
Published-26 Aug, 2022 | 17:57
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2018-1159
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.78%
||
7 Day CHG~0.00%
Published-23 Aug, 2018 | 19:00
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-58370
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 1.1.0 Uncontrolled Recursion Denial of Service

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-0886
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-1.23% / 65.54%
||
7 Day CHG~0.00%
Published-05 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serverNextcloud Server
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-6936
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.05%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:10
Updated-28 May, 2026 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i is Affected by a Denial of Service Vulnerability []

IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2023-52079
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 48.47%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 15:20
Updated-27 Aug, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Conversion of property names to strings can trigger infinite recursion

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

Action-Not Available
Vendor-kriszypkriszyp
Product-msgpackrmsgpackr
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2017-10910
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-2.21% / 80.63%
||
7 Day CHG~0.00%
Published-27 Dec, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.

Action-Not Available
Vendor-mqtt.js_projectMQTT.js.
Product-mqtt.jsMQTT.js
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-22144
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-6.5||MEDIUM
EPSS-2.18% / 80.34%
||
7 Day CHG+0.52%
Published-26 Jul, 2021 | 11:48
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

Action-Not Available
Vendor-n/aOracle CorporationElasticsearch BV
Product-communications_cloud_native_core_automated_test_suiteelasticsearchn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-44740
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 21.47%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 16:04
Updated-01 Jun, 2026 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.

Action-Not Available
Vendor-go-git
Product-go-billy
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-40989
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-5.7||MEDIUM
EPSS-0.21% / 11.38%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 17:49
Updated-05 Jun, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Self Routing guard bypassed via function composition

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud Function 4.3.x: versions prior to 4.3.3 Spring Cloud Function 5.0.x: versions prior to 5.0.2 Older, unsupported versions are also affected.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_cloud_functionSpring Cloud Function
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-41311
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.51%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 04:03
Updated-14 May, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiquidJS is vulnerable to Denial of Service via circular block reference in layout

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loop, consuming all available memory (~4GB) and crashing the Node.js process with FATAL ERROR: JavaScript heap out of memory. This allows any user who can submit a Liquid template to perform a Denial of Service attack. This issue has been patched in version 10.25.7.

Action-Not Available
Vendor-liquidjsharttle
Product-liquidjsliquidjs
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-56148
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 26.91%
||
7 Day CHG+0.04%
Published-01 Jul, 2026 | 16:17
Updated-01 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Recursion in Elasticsearch Leading to Denial of Service

Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.

Action-Not Available
Vendor-Elasticsearch BV
Product-Elasticsearch
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-28242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.54% / 72.10%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 05:02
Updated-15 Aug, 2024 | 12:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.

Action-Not Available
Vendor-n/aDebian GNU/LinuxAsteriskSangoma Technologies Corp.Fedora Project
Product-certified_asteriskasteriskfedoradebian_linuxn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-58102
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.33% / 24.84%
||
7 Day CHG+0.01%
Published-11 Mar, 2025 | 00:00
Updated-10 Oct, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions.

Action-Not Available
Vendor-datalustDatalust
Product-seqSeq
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-15101
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.8||LOW
EPSS-0.60% / 44.56%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 21:35
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nested directory structure can lead to Uncontrolled Resource Consumption in freewvs

In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. This has been patched in 0.1.1.

Action-Not Available
Vendor-schokokeksschokokeksorg
Product-freewvsfreewvs
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-674
Uncontrolled Recursion
  • Previous
  • 1
  • 2
  • Next
Details not found