Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-5971

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-08 Jul, 2024 | 20:51
Updated At-14 Aug, 2025 | 14:48
Rejected At-
Credits

Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:08 Jul, 2024 | 20:51
Updated At:14 Aug, 2025 | 14:48
Rejected At:
▼CVE Numbering Authority (CNA)
Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

Affected Products
Collection URL
https://github.com/undertow-io/undertow
Package Name
undertow
Versions
Affected
  • From 0 before 2.2.34.Final (custom)
  • From 2.3.0.Alpha1 before 2.3.15.Final (custom)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Apache Camel 3.20.7 for Spring Boot
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:apache_camel_spring_boot:3.20.7
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Apache Camel 4.4.2 for Spring Boot
Collection URL
https://access.redhat.com/downloads/content/package-browser/
CPEs
  • cpe:/a:redhat:apache_camel_spring_boot:4.4.2
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Enterprise Application Platform 7
Collection URL
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html
CPEs
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
eap7-undertow
CPEs
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Default Status
affected
Versions
Unaffected
  • From 0:2.2.33-1.SP1_redhat_00001.1.el8eap before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
eap7-undertow
CPEs
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Default Status
affected
Versions
Unaffected
  • From 0:2.2.33-1.SP1_redhat_00001.1.el9eap before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
eap7-undertow
CPEs
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Default Status
affected
Versions
Unaffected
  • From 0:2.2.33-1.SP1_redhat_00001.1.el7eap before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Enterprise Application Platform 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow-core
CPEs
  • cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Apache Camel for Spring Boot 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:camel_spring_boot:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Apache Camel - HawtIO 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:apache_camel_hawtio:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Quarkus
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
io.quarkus/quarkus-undertow
CPEs
  • cpe:/a:redhat:quarkus:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Data Grid 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:jboss_data_grid:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Fuse 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:jboss_fuse:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Integration Camel K 1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:integration:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Data Grid 7
Collection URL
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html
Package Name
undertow
CPEs
  • cpe:/a:redhat:jboss_data_grid:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Enterprise Application Platform Expansion Pack
Collection URL
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html
Package Name
undertow-core
CPEs
  • cpe:/a:redhat:jbosseapxp
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Process Automation 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
undertow
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-674Uncontrolled Recursion
Type: CWE
CWE ID: CWE-674
Description: Uncontrolled Recursion
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2024-06-13 00:00:00
Made public.2024-07-08 20:46:55
Event: Reported to Red Hat.
Date: 2024-06-13 00:00:00
Event: Made public.
Date: 2024-07-08 20:46:55
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2024:4392
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4884
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5143
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5144
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5145
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5147
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6508
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6883
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-5971
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2292211
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4392
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4884
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5143
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5144
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5145
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5147
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:6508
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:6883
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-5971
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2292211
Resource:
issue-tracking
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2024:4392
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:4884
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/security/cve/CVE-2024-5971
vdb-entry
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=2292211
issue-tracking
x_refsource_REDHAT
x_transferred
https://security.netapp.com/advisory/ntap-20240828-0001/
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4392
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4884
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-5971
Resource:
vdb-entry
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2292211
Resource:
issue-tracking
x_refsource_REDHAT
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20240828-0001/
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:08 Jul, 2024 | 21:15
Updated At:19 Sep, 2024 | 20:15

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-674Primarysecalert@redhat.com
CWE ID: CWE-674
Type: Primary
Source: secalert@redhat.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2024:4392secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:4884secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:5143secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:5144secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:5145secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:5147secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:6508secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:6883secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2024-5971secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2292211secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4392
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4884
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5143
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5144
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5145
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5147
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:6508
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:6883
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-5971
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2292211
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

173Records found

CVE-2025-2240
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.63%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 14:55
Updated-04 Aug, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Smallrye-fault-tolerance: smallrye fault tolerance

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of QuarkusRed Hat build of Apache Camel 4.8.5 for Spring BootRed Hat JBoss Enterprise Application Platform 8Red Hat build of Quarkus 3.15.4Red Hat build of Apicurio Registry 2Red Hat JBoss Enterprise Application Platform 7Red Hat Fuse 7Red Hat Integration Camel K 1Red Hat Build of Apache Camel 4.8 for Quarkus 3.15Red Hat build of Apicurio Registry 3
CWE ID-CWE-1325
Improperly Controlled Sequential Memory Allocation
CVE-2025-1634
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 44.02%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 16:56
Updated-01 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout

A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Build of Apache Camel 4.8 for Quarkus 3.15Streams for Apache Kafka 3.0.0Red Hat build of Quarkus 3.8.6.SP3Streams for Apache Kafka 2.9.1Red Hat build of Quarkus 3.15.3.SP1
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-8768
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.86%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 16:20
Updated-27 Aug, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vllm: a completions api request with an empty prompt will crash the vllm api server.

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux AI (RHEL AI)
CWE ID-CWE-617
Reachable Assertion
CVE-2024-8418
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.27%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 14:24
Updated-24 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime.

Action-Not Available
Vendor-containersRed Hat, Inc.
Product-aardvark-dnsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-7006
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.45%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 20:49
Updated-03 Jun, 2025 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libtiff: null pointer dereference in tif_dirinfo.c

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.LibTIFF
Product-libtiffenterprise_linux_server_ausenterprise_linuxenterprise_linux_for_power_little_endian_eusenterprise_linux_for_arm_64Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-1973
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.91%
||
7 Day CHG-0.10%
Published-07 Nov, 2024 | 10:01
Updated-08 Nov, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: unrestricted request storage leads to memory exhaustion

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
CWE ID-CWE-20
Improper Input Validation
CVE-2023-1108
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.81% / 89.07%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 14:48
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: infinite loop in sslconduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Action-Not Available
Vendor-Red Hat, Inc.NetApp, Inc.
Product-single_sign-onintegration_camel_kopenshift_application_runtimesopenshift_container_platformenterprise_linuxoncommand_workflow_automationjboss_enterprise_application_platform_expansion_packopenstack_platformbuild_of_quarkusdecision_managerintegration_service_registryprocess_automationundertowopenshift_container_platform_for_powerjboss_enterprise_application_platformopenshift_container_platform_for_linuxonefuseRed Hat Single Sign-On 7.6 for RHEL 7Red Hat Single Sign-On 7.6 for RHEL 9Red Hat JBoss Enterprise Application Platform 7.1.0Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat Fuse 7.12Red Hat Data Grid 8Red Hat JBoss Data Grid 7Red Hat support for Spring Boot 2.7.13RHEL-8 based Middleware ContainersRed Hat Integration Service RegistryEAP 7.4.10 releaseRed Hat Integration Camel QuarkusRed Hat Integration Camel KRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 7RHPAM 7.13.1 asyncRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat Single Sign-On 7.6 for RHEL 8Red Hat JBoss Fuse 6Red Hat build of QuarkusRed Hat OpenStack Platform 13 (Queens)Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-3171
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.77%
||
7 Day CHG~0.00%
Published-27 Dec, 2023 | 15:45
Updated-02 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eap-7: heap exhaustion via deserialization

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformenterprise_linuxRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 7EAP 7.4.13Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-3966
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.68%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 12:15
Updated-16 May, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.

Action-Not Available
Vendor-openvswitchRDOn/aFedora ProjectRed Hat, Inc.
Product-openvswitchfedoraFast Datapath for RHEL 9Red Hat OpenShift Container Platform 3.11openvswitchOpenStack RDOFast Datapath for RHEL 7Red Hat Enterprise Linux 7FedoraFast Datapath for RHEL 8
CWE ID-CWE-248
Uncaught Exception
CVE-2023-39180
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-4||MEDIUM
EPSS-0.11% / 30.61%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 09:53
Updated-06 Aug, 2025 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: ksmbd: read request memory leak denial-of-service vulnerability

A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-38200
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.44%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-23 Nov, 2024 | 00:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keylime: registrar is subject to a dos against ssl connections

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.

Action-Not Available
Vendor-keylimeRed Hat, Inc.Fedora Project
Product-enterprise_linux_server_ausenterprise_linuxfedorakeylimeenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_eusRed Hat Enterprise Linux 9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-834
Excessive Iteration
CVE-2023-3748
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.02% / 3.66%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-27 Sep, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inifinite loop in babld message parsing may cause dos

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

Action-Not Available
Vendor-frroutingn/aRed Hat, Inc.Fedora Project
Product-frroutingRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8frrFedora
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-34966
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-13.80% / 94.03%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 14:56
Updated-22 Nov, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: infinite loop in mdssvc rpc service for spotlight

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Action-Not Available
Vendor-Debian GNU/LinuxSambaFedora ProjectRed Hat, Inc.
Product-sambadebian_linuxfedoraenterprise_linuxRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Storage 3Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update Support
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-7885
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-28.04% / 96.29%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 14:13
Updated-14 Aug, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: improper state management in proxy protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_apache_camel_-_hawtiobuild_of_apache_camel_for_spring_bootsingle_sign-onintegration_camel_kjboss_fusebuild_of_keycloakprocess_automationdata_gridjboss_enterprise_application_platformRed Hat JBoss Enterprise Application Platform 8Red Hat build of Apache Camel for Spring Boot 3Red Hat build of Apache Camel 4.4.2 for Spring BootHawtIO 4.0.0 for Red Hat build of Apache Camel 4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Build of KeycloakRed Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat Single Sign-On 7Red Hat Fuse 7Red Hat build of Apache Camel 3.20.7 for Spring BootRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat Process Automation 7Red Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat JBoss Data Grid 7Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat Integration Camel K 1Red Hat build of Apache Camel - HawtIO 4Red Hat build of QuarkusRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-6239
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.87%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:28
Updated-03 Aug, 2025 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Poppler: pdfinfo: crash in broken documents when using -dests parameter

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.freedesktop.org
Product-enterprise_linuxpopplerRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-20
Improper Input Validation
CVE-2024-6162
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.55% / 80.68%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 14:33
Updated-14 Aug, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Single Sign-On 7Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 8Red Hat Process Automation 7Red Hat JBoss Enterprise Application Platform 7Red Hat Data Grid 8Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2EAP 8.0.1Red Hat build of Apache Camel for Spring Boot 3Red Hat JBoss Data Grid 7Red Hat Integration Camel K 1Red Hat build of Apache Camel - HawtIO 4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Build of Keycloak
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-3354
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 16:16
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.QEMUFedora Project
Product-openstack_platformqemufedoraenterprise_linuxRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8 Advanced VirtualizationExtra Packages for Enterprise LinuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat OpenStack Platform 13 (Queens)FedoraqemuRed Hat Enterprise Linux 8
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32248
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.88%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tree connection null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410sh410ch300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-1635
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.33% / 91.92%
||
7 Day CHG~0.00%
Published-19 Feb, 2024 | 21:23
Updated-14 Aug, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.

Action-Not Available
Vendor-Red Hat, Inc.NetApp, Inc.
Product-openshift_container_platform_for_powerintegration_camel_for_spring_bootsingle_sign-ononcommand_workflow_automationactive_iq_unified_manageropenshift_container_platformfuseopenshift_container_platform_for_linuxonejboss_enterprise_application_platformRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7streams for Apache KafkaRed Hat Integration Camel Quarkus 2OpenShift ServerlessRed Hat build of Apicurio Registry 2Red Hat build of Apache Camel for Spring Boot 3Red Hat Single Sign-On 7.6 for RHEL 7Red Hat build of Apache Camel for Spring Boot 4RHEL-8 based Middleware ContainersRed Hat Build of KeycloakRed Hat Single Sign-On 7.6 for RHEL 9Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat Single Sign-On 7.6 for RHEL 8Red Hat build of QuarkusRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat Process Automation 7Red Hat JBoss Enterprise Application Platform 7Red Hat Fuse 7.13.0RHSSO 7.6.8Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2Red Hat build of OptaPlanner 8Red Hat JBoss Data Grid 7Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7Red Hat Integration Camel K 1Red Hat JBoss Fuse Service Works 6Red Hat Data Grid 8Red Hat build of Apache Camel 4 for Quarkus 3
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-9597
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.33% / 79.11%
||
7 Day CHG~0.00%
Published-30 Jul, 2018 | 14:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

Action-Not Available
Vendor-Canonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-ubuntu_linuxdebian_linuxlibxml2icewall_file_managericewall_federation_agentleaplibxml2
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-57699
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.26%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-58264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.2||LOW
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-27 Jul, 2025 | 00:00
Updated-06 Aug, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data.

Action-Not Available
Vendor-cosmwasmCosmWasm
Product-serde-json-wasmserde-json-wasm
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42717
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.22% / 83.81%
||
7 Day CHG+0.59%
Published-07 Dec, 2021 | 21:08
Updated-03 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.

Action-Not Available
Vendor-owasptrustwaven/aF5, Inc.Debian GNU/LinuxOracle Corporation
Product-debian_linuxhttp_serverzfs_storage_appliance_kitnginx_modsecurity_wafmodsecurityn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-43172
Matching Score-4
Assigner-NLnet Labs
ShareView Details
Matching Score-4
Assigner-NLnet Labs
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.50%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 16:41
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite length chain of RRDP repositories

NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.

Action-Not Available
Vendor-nlnetlabsNLnet Labs
Product-routinatorRoutinator
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-42697
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-75.54% / 98.85%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:44
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.

Action-Not Available
Vendor-akkan/a
Product-http_servern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-44073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.57%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 00:00
Updated-13 Sep, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.

Action-Not Available
Vendor-rust-bitcoinn/arust-bitcoin
Product-miniscriptn/aminiscript
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24472
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.34%
||
7 Day CHG~0.00%
Published-30 Mar, 2023 | 15:47
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.

Action-Not Available
Vendor-openimageioOpenImageIO Project
Product-openimageioOpenImageIO
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-4340
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-7.5||HIGH
EPSS-14.99% / 94.29%
||
7 Day CHG-1.48%
Published-30 Apr, 2024 | 14:23
Updated-01 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

Action-Not Available
Vendor-sqlparse_project
Product-sqlparse
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-39929
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.94%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoraWireshark
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-38569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 2.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 21:14
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdffoxit_readern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-36395
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.72%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 00:00
Updated-07 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-36154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.88%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 11:02
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-grpc_swiftn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-3530
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.85%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 14:31
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Action-Not Available
Vendor-n/aNetApp, Inc.GNU
Product-ontap_select_deploy_administration_utilitybinutilsbinutils
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2023-4512
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-24 Aug, 2023 | 06:30
Updated-30 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Recursion in Wireshark

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-34158
Matching Score-4
Assigner-Go Project
ShareView Details
Matching Score-4
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.68%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 20:42
Updated-04 Oct, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack exhaustion in Parse in go/build/constraint

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Action-Not Available
Vendor-Go standard librarygo_build_constraint
Product-go/build/constraintgo_standard_library
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-28903
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 75.11%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 18:36
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.

Action-Not Available
Vendor-cesnetn/a
Product-libyangn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-47831
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.85%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 18:04
Updated-08 Nov, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Next.js image optimization has Denial of Service condition

Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.

Action-Not Available
Vendor-vercelvercel
Product-next.jsnext.js
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-29904
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 15:32
Updated-07 May, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeIgniter4 Language class DoS Vulnerability

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.

Action-Not Available
Vendor-codeignitercodeigniter4codeigniter
Product-codeigniterCodeIgniter4codeigniter
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-25111
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-4.07% / 88.08%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 18:14
Updated-10 Apr, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQUID-2024:1 Denial of Service in HTTP Chunked Decoding

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.

Action-Not Available
Vendor-Fedora ProjectSquid CacheNetApp, Inc.
Product-squidfedorabluexpsquidbluexpfedorasquid
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-20311
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.17% / 77.77%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 16:50
Updated-30 Jul, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This vulnerability could be exploited over either IPv4 or IPv6 transport.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosios_xeCisco IOS XE SoftwareIOSios_xeios
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-9861
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.52%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 22:14
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.

Action-Not Available
Vendor-SwiftApple Inc.
Product-swiftSwift 5.1.5 for Linux
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-8285
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.18%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 19:39
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationSplunk LLC (Cisco Systems, Inc.)Apple Inc.NetApp, Inc.Fedora ProjectCURLSiemens AGFujitsu Limited
Product-libcurlpeoplesoft_enterprise_peopletoolsm12-1communications_billing_and_revenue_managementhci_storage_nodem10-4s_firmwarehci_storage_node_firmwarehci_bootstrap_osmacosm10-4hci_compute_nodem10-4_firmwarecommunications_cloud_native_core_policym10-4suniversal_forwarderm12-1_firmwaresolidfiresinec_infrastructure_network_servicesm12-2sclustered_data_ontapdebian_linuxessbasehci_management_nodefedoramac_os_xm10-1_firmwarem10-1m12-2s_firmwarem12-2_firmwarem12-2https://github.com/curl/curl
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0210
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.20%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 07:31
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Recursion in Wireshark

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-5591
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.98% / 75.81%
||
7 Day CHG~0.00%
Published-05 Jun, 2020 | 10:05
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack.

Action-Not Available
Vendor-xackXACK, Inc.
Product-xack_dnsXACK DNS
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-20819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.60%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:47
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-20815
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.60%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:38
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-18936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.10%
||
7 Day CHG~0.00%
Published-21 Mar, 2020 | 00:08
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error.

Action-Not Available
Vendor-bloqn/a
Product-univaluen/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-18854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.35%
||
7 Day CHG~0.00%
Published-11 Nov, 2019 | 14:36
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.

Action-Not Available
Vendor-10upn/a
Product-safe_svgn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-16163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.96%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 15:38
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

Action-Not Available
Vendor-oniguruma_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxonigurumadebian_linuxfedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.60%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 19:29
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windowsfoxit_readern/a
CWE ID-CWE-674
Uncontrolled Recursion
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found