Common Weakness Enumeration

CWE-674

Allowed-with-Review

Uncontrolled Recursion

Abstraction: Class · Status: Draft

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

616 vulnerabilities reference this CWE, most recent first.

GHSA-6R9P-4766-XGG4

Vulnerability from github – Published: 2024-03-27 18:32 – Updated: 2024-03-27 18:32
VLAI
Details

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Note: This vulnerability could be exploited over either IPv4 or IPv6 transport.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-27T17:15:52Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.\n\n This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.\n\n Note: This vulnerability could be exploited over either IPv4 or IPv6 transport.",
  "id": "GHSA-6r9p-4766-xgg4",
  "modified": "2024-03-27T18:32:38Z",
  "published": "2024-03-27T18:32:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20311"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lisp-3gYXs3qP"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6V9C-7CG6-27Q7

Vulnerability from github – Published: 2026-04-29 22:12 – Updated: 2026-04-29 22:12
VLAI
Summary
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer
Details

Summary

A critical Denial of Service (DoS) vulnerability exists in marked@18.0.0. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline (\x09\x0b\n)—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocation, causing the host Node.js application to crash via Memory Exhaustion (OOM).

Details

The vulnerability originates in how marked's block tokenizer handles unexpected whitespace characters.

  1. Tab Character (\x09) Consumption: The space() tokenizer matches standard whitespace using the regex /^(?:[ \t]*(?:\n|$))+/. When parsing the malicious payload (\x09\x0b\n), this rule successfully consumes the initial tab character (\x09).
  2. Vertical Tab (\x0b) Bypass: The remaining input is now \x0b\n. The newline block rule explicitly looks for spaces or standard tabs ([ \t]) followed by a newline. Because the vertical tab is a legacy ASCII character not accounted for in this rule, it fails to match.
  3. Fallback to Text Tokenizer: None of the standard block tokenizers (blockquote, code, heading, etc.) match \x0b\n. As a result, the parser falls through to the text tokenizer (/^[^\n]+/), which matches any character except a newline.
  4. Infinite Recursion: Inside blockTokens(), the text tokenizer creates a text token and subsequently calls inlineTokens() on the exact same content. Inside inlineTokens(), the text rule again matches \x0b\n and recursively calls inlineTokens(). This creates an inescapable cycle: blockTokens() → text token → inlineTokens() → text rule matches → inlineTokens() → ...

With each recursive call allocating new token objects and concatenating strings, memory grows indefinitely until the Node.js heap limit is reached.

Vulnerable Code in lib/marked.esm.js (Lexer class, blockTokens()):

// The text tokenizer triggers infinite recursion
if(r=this.tokenizer.text(e)) {
    e=e.substring(r.raw.length);
    let s=t.at(-1);
    s?.type==="text"?(s.raw+=(s.raw.endsWith("\n")?"":"\n")+r.raw, s.text+="\n"+r.text, this.inlineQueue.pop(), this.inlineQueue.at(-1).src=s.text):t.push(r);
    // ↑ This calls inlineTokens() internally via the text tokenizer, causing the OOM loop
    continue;
}

PoC

This vulnerability can be reproduced using any standard Node.js environment with marked@18.0.0 installed.

  1. Create a file named poc.js with the following content:
const marked = require('marked');

// The vulnerable 3-byte pattern: tab + vertical tab + newline
const vulnerableInput = '\x09\x0b\n';

console.log('Attempting to parse malicious payload...');
try {
    marked.parse(vulnerableInput);
} catch(e) {
    console.log('Error:', e.message);
}
  1. Run the script: node poc.js
  2. Result: The process will hang briefly as memory spikes, ultimately crashing with: FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory.

Impact

This is a High-Severity Denial of Service (DoS) vulnerability via Memory Exhaustion.

Impacted Parties: Any application, API, chatbot, or documentation system using marked@18.0.0 (and potentially earlier versions) to parse untrusted user input is vulnerable.

Because the payload requires zero authentication and only 3 bytes of data, it requires virtually no resources from the attacker to remotely crash the service and achieve a total loss of availability for the targeted application.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 18.0.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "marked"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "18.0.0"
            },
            {
              "fixed": "18.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41680"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-674",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T22:12:20Z",
    "nvd_published_at": "2026-04-24T18:16:29Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA critical Denial of Service (DoS) vulnerability exists in `marked@18.0.0`. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline (`\\x09\\x0b\\n`)\u2014an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocation, causing the host Node.js application to crash via Memory Exhaustion (OOM). \n\n### Details\nThe vulnerability originates in how `marked`\u0027s block tokenizer handles unexpected whitespace characters. \n\n1. **Tab Character (`\\x09`) Consumption**: The `space()` tokenizer matches standard whitespace using the regex `/^(?:[ \\t]*(?:\\n|$))+/`. When parsing the malicious payload (`\\x09\\x0b\\n`), this rule successfully consumes the initial tab character (`\\x09`).\n2. **Vertical Tab (`\\x0b`) Bypass**: The remaining input is now `\\x0b\\n`. The newline block rule explicitly looks for spaces or standard tabs (`[ \\t]`) followed by a newline. Because the vertical tab is a legacy ASCII character not accounted for in this rule, it fails to match.\n3. **Fallback to Text Tokenizer**: None of the standard block tokenizers (blockquote, code, heading, etc.) match `\\x0b\\n`. As a result, the parser falls through to the `text` tokenizer (`/^[^\\n]+/`), which matches any character except a newline.\n4. **Infinite Recursion**: Inside `blockTokens()`, the `text` tokenizer creates a text token and subsequently calls `inlineTokens()` on the exact same content. Inside `inlineTokens()`, the text rule again matches `\\x0b\\n` and recursively calls `inlineTokens()`. This creates an inescapable cycle: `blockTokens() \u2192 text token \u2192 inlineTokens() \u2192 text rule matches \u2192 inlineTokens() \u2192 ...`\n\nWith each recursive call allocating new token objects and concatenating strings, memory grows indefinitely until the Node.js heap limit is reached.\n\n**Vulnerable Code in `lib/marked.esm.js` (Lexer class, `blockTokens()`):**\n```javascript\n// The text tokenizer triggers infinite recursion\nif(r=this.tokenizer.text(e)) {\n    e=e.substring(r.raw.length);\n    let s=t.at(-1);\n    s?.type===\"text\"?(s.raw+=(s.raw.endsWith(\"\\n\")?\"\":\"\\n\")+r.raw, s.text+=\"\\n\"+r.text, this.inlineQueue.pop(), this.inlineQueue.at(-1).src=s.text):t.push(r);\n    // \u2191 This calls inlineTokens() internally via the text tokenizer, causing the OOM loop\n    continue;\n}\n```\n\n### PoC\nThis vulnerability can be reproduced using any standard Node.js environment with `marked@18.0.0` installed.\n\n1. Create a file named `poc.js` with the following content:\n```javascript\nconst marked = require(\u0027marked\u0027);\n\n// The vulnerable 3-byte pattern: tab + vertical tab + newline\nconst vulnerableInput = \u0027\\x09\\x0b\\n\u0027;\n\nconsole.log(\u0027Attempting to parse malicious payload...\u0027);\ntry {\n    marked.parse(vulnerableInput);\n} catch(e) {\n    console.log(\u0027Error:\u0027, e.message);\n}\n```\n2. Run the script: `node poc.js`\n3. **Result:** The process will hang briefly as memory spikes, ultimately crashing with: `FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory`.\n\n### Impact\nThis is a High-Severity Denial of Service (DoS) vulnerability via Memory Exhaustion. \n\n**Impacted Parties:** Any application, API, chatbot, or documentation system using `marked@18.0.0` (and potentially earlier versions) to parse untrusted user input is vulnerable. \n\nBecause the payload requires zero authentication and only 3 bytes of data, it requires virtually no resources from the attacker to remotely crash the service and achieve a total loss of availability for the targeted application.",
  "id": "GHSA-6v9c-7cg6-27q7",
  "modified": "2026-04-29T22:12:20Z",
  "published": "2026-04-29T22:12:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/markedjs/marked/security/advisories/GHSA-6v9c-7cg6-27q7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41680"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/markedjs/marked"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer"
}

GHSA-7498-2XJF-M6P5

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-15T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of \u0027{\u0027 characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.",
  "id": "GHSA-7498-2xjf-m6p5",
  "modified": "2022-05-13T01:22:40Z",
  "published": "2022-05-13T01:22:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6290"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392548"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-772W-JXJV-XC3F

Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 09:30
VLAI
Details

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-30T07:16:37Z",
    "severity": "MODERATE"
  },
  "details": "AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
  "id": "GHSA-772w-jxjv-xc3f",
  "modified": "2026-04-30T09:30:24Z",
  "published": "2026-04-30T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5401"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/21088"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2026-13.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7753-XRFW-CH36

Vulnerability from github – Published: 2025-08-26 00:31 – Updated: 2025-08-26 17:43
VLAI
Summary
LlamaIndex affected by a Denial of Service (DOS) in JSONReader
Details

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "llama-index-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.38"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-5302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-26T17:43:43Z",
    "nvd_published_at": "2025-08-25T15:15:42Z",
    "severity": "HIGH"
  },
  "details": "A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.",
  "id": "GHSA-7753-xrfw-ch36",
  "modified": "2025-08-26T17:43:43Z",
  "published": "2025-08-26T00:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5302"
    },
    {
      "type": "WEB",
      "url": "https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/run-llama/llama_index"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/70041b81-de9e-4046-8c0e-6ccd557048a6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LlamaIndex affected by a Denial of Service (DOS) in JSONReader"
}

GHSA-775J-MPHJ-44X5

Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-17 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: omapfb: Add 'plane' value check

Function dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB of the enum parameter plane.

The value of this parameter is initialized in dss_init_overlays and in the current state of the code it cannot take this value so it's not a real problem.

For the purposes of defensive coding it wouldn't be superfluous to check the parameter value, because some functions down the call stack process this value correctly and some not.

For example, in dispc_ovl_setup_global_alpha it may lead to buffer overflow.

Add check for this value.

Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37851"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-09T07:16:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: Add \u0027plane\u0027 value check\n\nFunction dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB\nof the enum parameter plane.\n\nThe value of this parameter is initialized in dss_init_overlays and in the\ncurrent state of the code it cannot take this value so it\u0027s not a real\nproblem.\n\nFor the purposes of defensive coding it wouldn\u0027t be superfluous to check\nthe parameter value, because some functions down the call stack process\nthis value correctly and some not.\n\nFor example, in dispc_ovl_setup_global_alpha it may lead to buffer\noverflow.\n\nAdd check for this value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
  "id": "GHSA-775j-mphj-44x5",
  "modified": "2025-11-17T15:30:31Z",
  "published": "2025-05-09T09:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37851"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09dbf22fd68c2f1a81ab89670ffa1ec3033436c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e411827f31db7f938a30a3c7a7599839401ec30"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4efd8ef5e40f2c7a4a91a5a9f03140bfa827da89"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/52eafaa56f8f6d6a0cdff9282b25b4acbde34edc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/660a53a0694d1f3789802509fe729dd4656fc5e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b0a41589ee70529b20e1e0108d03f10c649bdc4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a570efb4d877adbf3db2dc95487f2ba6bfdd148a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cdf41d72e8b015d9ea68f5a1c0a79624e7c312aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fda15c5b96b883d62fb2d84a3a1422aa87717897"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77H4-R63X-87F8

Vulnerability from github – Published: 2025-10-01 21:31 – Updated: 2025-10-01 21:31
VLAI
Details

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T19:15:35Z",
    "severity": "MODERATE"
  },
  "details": "Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).",
  "id": "GHSA-77h4-r63x-87f8",
  "modified": "2025-10-01T21:31:21Z",
  "published": "2025-10-01T21:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43718"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ShadowByte1/CVE-Reports/blob/main/CVE-2025-43718.md"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7822-F4VJ-QH7P

Vulnerability from github – Published: 2024-04-01 00:30 – Updated: 2024-08-20 21:30
VLAI
Details

LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-01T00:15:49Z",
    "severity": "CRITICAL"
  },
  "details": "LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the \"\u003c?php ?\u003e\" substring.",
  "id": "GHSA-7822-f4vj-qh7p",
  "modified": "2024-08-20T21:30:30Z",
  "published": "2024-04-01T00:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/linuxserver/Heimdall/pull/1167"
    },
    {
      "type": "WEB",
      "url": "https://github.com/linuxserver/Heimdall/pull/1173"
    },
    {
      "type": "WEB",
      "url": "https://github.com/linuxserver/Heimdall/releases/tag/v2.5.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-78QJ-JPWW-M9RM

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:22
VLAI
Details

yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1010182"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-25T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later.",
  "id": "GHSA-78qj-jpww-m9rm",
  "modified": "2024-04-04T01:22:06Z",
  "published": "2022-05-24T16:51:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010182"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chyh1990/yaml-rust/pull/109"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7997-F766-56H6

Vulnerability from github – Published: 2026-03-01 09:30 – Updated: 2026-03-01 09:30
VLAI
Details

A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3385"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-01T09:15:57Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-7997-f766-56h6",
  "modified": "2026-03-01T09:30:19Z",
  "published": "2026-03-01T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3385"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wren-lang/wren/issues/1218"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oneafter/0122/blob/main/i1218/repro"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wren-lang/wren"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.348271"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.348271"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.761305"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation

Ensure that an end condition will be reached under all logic conditions. The end condition may include checking against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.

Mitigation
Implementation

Increase the stack size.

CAPEC-230: Serialized Data with Nested Payloads

Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.

CAPEC-231: Oversized Serialized Data Payloads

An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution.