CWE-674
Allowed-with-ReviewUncontrolled Recursion
Abstraction: Class · Status: Draft
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
616 vulnerabilities reference this CWE, most recent first.
GHSA-7RVH-XQP3-PR8J
Vulnerability from github – Published: 2025-12-30 23:08 – Updated: 2025-12-30 23:08Summary
Magick fails to check for circular references between two MVGs, leading to a stack overflow.
Details
After reading mvg1 using Magick, the following is displayed:
./magick -limit memory 2GiB -limit map 2GiB -limit disk 0 mvg:L1.mvg out.png
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3564123==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x5589549a4458 bp 0x7ffcc61f34a0 sp 0x7ffcc61efdd0 T0)
#0 0x5589549a4458 in GetImagePixelCache MagickCore/cache.c:1726
#1 0x5589549b02c1 in QueueAuthenticPixelCacheNexus MagickCore/cache.c:4261
#2 0x5589549a2f24 in GetAuthenticPixelCacheNexus MagickCore/cache.c:1368
#3 0x5589549bae98 in GetCacheViewAuthenticPixels MagickCore/cache-view.c:311
#4 0x558954afb3a5 in DrawPolygonPrimitive._omp_fn.1 MagickCore/draw.c:5172
#5 0x7f62dd89fa15 in GOMP_parallel (/lib/x86_64-linux-gnu/libgomp.so.1+0x14a15)
#6 0x558954ae0f41 in DrawPolygonPrimitive MagickCore/draw.c:5156
#7 0x558954ae5607 in DrawPrimitive MagickCore/draw.c:5875
#8 0x558954adc72d in RenderMVGContent MagickCore/draw.c:4522
#9 0x558954adcf67 in DrawImage MagickCore/draw.c:4561
#10 0x55895496cedb in RenderFreetype MagickCore/annotate.c:2065
#11 0x55895496702e in RenderType MagickCore/annotate.c:1112
#12 0x558954963da7 in AnnotateImage MagickCore/annotate.c:544
#13 0x558954ae4e0a in DrawPrimitive MagickCore/draw.c:5799
#14 0x558954adc72d in RenderMVGContent MagickCore/draw.c:4522
#15 0x558954adcf67 in DrawImage MagickCore/draw.c:4561
#16 0x558954755a46 in ReadMVGImage coders/mvg.c:240
#17 0x558954a15ecc in ReadImage MagickCore/constitute.c:743
#18 0x558954ae3c76 in DrawPrimitive MagickCore/draw.c:5705
#19 0x558954adc72d in RenderMVGContent MagickCore/draw.c:4522
#20 0x558954adcf67 in DrawImage MagickCore/draw.c:4561
#21 0x558954755a46 in ReadMVGImage coders/mvg.c:240
...
Impact
This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68950"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-30T23:08:15Z",
"nvd_published_at": "2025-12-30T17:15:43Z",
"severity": "MODERATE"
},
"details": "### Summary\nMagick fails to check for circular references between two MVGs, leading to a stack overflow.\n\n### Details\n\nAfter reading mvg1 using Magick, the following is displayed:\n```\n./magick -limit memory 2GiB -limit map 2GiB -limit disk 0 mvg:L1.mvg out.png\nAddressSanitizer:DEADLYSIGNAL\n=================================================================\n==3564123==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x5589549a4458 bp 0x7ffcc61f34a0 sp 0x7ffcc61efdd0 T0)\n #0 0x5589549a4458 in GetImagePixelCache MagickCore/cache.c:1726\n #1 0x5589549b02c1 in QueueAuthenticPixelCacheNexus MagickCore/cache.c:4261\n #2 0x5589549a2f24 in GetAuthenticPixelCacheNexus MagickCore/cache.c:1368\n #3 0x5589549bae98 in GetCacheViewAuthenticPixels MagickCore/cache-view.c:311\n #4 0x558954afb3a5 in DrawPolygonPrimitive._omp_fn.1 MagickCore/draw.c:5172\n #5 0x7f62dd89fa15 in GOMP_parallel (/lib/x86_64-linux-gnu/libgomp.so.1+0x14a15)\n #6 0x558954ae0f41 in DrawPolygonPrimitive MagickCore/draw.c:5156\n #7 0x558954ae5607 in DrawPrimitive MagickCore/draw.c:5875\n #8 0x558954adc72d in RenderMVGContent MagickCore/draw.c:4522\n #9 0x558954adcf67 in DrawImage MagickCore/draw.c:4561\n #10 0x55895496cedb in RenderFreetype MagickCore/annotate.c:2065\n #11 0x55895496702e in RenderType MagickCore/annotate.c:1112\n #12 0x558954963da7 in AnnotateImage MagickCore/annotate.c:544\n #13 0x558954ae4e0a in DrawPrimitive MagickCore/draw.c:5799\n #14 0x558954adc72d in RenderMVGContent MagickCore/draw.c:4522\n #15 0x558954adcf67 in DrawImage MagickCore/draw.c:4561\n #16 0x558954755a46 in ReadMVGImage coders/mvg.c:240\n #17 0x558954a15ecc in ReadImage MagickCore/constitute.c:743\n #18 0x558954ae3c76 in DrawPrimitive MagickCore/draw.c:5705\n #19 0x558954adc72d in RenderMVGContent MagickCore/draw.c:4522\n #20 0x558954adcf67 in DrawImage MagickCore/draw.c:4561\n #21 0x558954755a46 in ReadMVGImage coders/mvg.c:240\n ...\n```\n\n### Impact\nThis is a DoS vulnerability, and any situation that allows reading the mvg file will be affected.",
"id": "GHSA-7rvh-xqp3-pr8j",
"modified": "2025-12-30T23:08:15Z",
"published": "2025-12-30T23:08:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68950"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick\u0027s failure to limit MVG mutual causes Stack Overflow"
}
GHSA-7VJV-FCF5-RX4H
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.
{
"affected": [],
"aliases": [
"CVE-2019-9071"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-24T00:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.",
"id": "GHSA-7vjv-fcf5-rx4h",
"modified": "2022-05-13T01:04:40Z",
"published": "2022-05-13T01:04:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9071"
},
{
"type": "WEB",
"url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190314-0003"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24227"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K02884135"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4326-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4336-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107147"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7VXR-7VXQ-J68J
Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 15:30Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic.
Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.
{
"affected": [],
"aliases": [
"CVE-2026-7164"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T08:16:07Z",
"severity": "HIGH"
},
"details": "Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic.\n\nRemote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.",
"id": "GHSA-7vxr-7vxq-j68j",
"modified": "2026-04-30T15:30:39Z",
"published": "2026-04-30T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7164"
},
{
"type": "WEB",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.asc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7WMM-6G5P-MV4P
Vulnerability from github – Published: 2026-07-02 21:32 – Updated: 2026-07-06 18:30pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext() and parseArray() without enforcing a maximum nesting depth.
{
"affected": [],
"aliases": [
"CVE-2026-38970"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-02T21:16:56Z",
"severity": "HIGH"
},
"details": "pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext() and parseArray() without enforcing a maximum nesting depth.",
"id": "GHSA-7wmm-6g5p-mv4p",
"modified": "2026-07-06T18:30:42Z",
"published": "2026-07-02T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38970"
},
{
"type": "WEB",
"url": "https://github.com/pdfcpu/pdfcpu"
},
{
"type": "WEB",
"url": "https://github.com/pdfcpu/pdfcpu/blob/a181c19acb322d6b93a1bbda9385a864a9ad6efe/pkg/pdfcpu/model/parse.go#L325-L366"
},
{
"type": "WEB",
"url": "https://github.com/pdfcpu/pdfcpu/blob/a181c19acb322d6b93a1bbda9385a864a9ad6efe/pkg/pdfcpu/model/parse.go#L942-L970"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7X29-5Q3F-F4X2
Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2022-05-13 01:30In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.
{
"affected": [],
"aliases": [
"CVE-2018-20796"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-26T02:29:00Z",
"severity": "HIGH"
},
"details": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0027(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+\u0027 in grep.",
"id": "GHSA-7x29-5q3f-f4x2",
"modified": "2022-05-13T01:30:43Z",
"published": "2022-05-13T01:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796"
},
{
"type": "WEB",
"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190315-0002"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107160"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-834W-G79F-WRQV
Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
{
"affected": [],
"aliases": [
"CVE-2018-6003"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-22T20:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.",
"id": "GHSA-834w-g79f-wrqv",
"modified": "2022-05-13T01:08:59Z",
"published": "2022-05-13T01:08:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6003"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"type": "WEB",
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"type": "WEB",
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-86Q4-P3XC-6M2H
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
{
"affected": [],
"aliases": [
"CVE-2020-1898"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-11T01:15:00Z",
"severity": "HIGH"
},
"details": "The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.",
"id": "GHSA-86q4-p3xc-6m2h",
"modified": "2022-05-24T17:44:15Z",
"published": "2022-05-24T17:44:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1898"
},
{
"type": "WEB",
"url": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c"
},
{
"type": "WEB",
"url": "https://hhvm.com/blog/2020/06/30/security-update.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-87RM-8Q5W-499G
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.
{
"affected": [],
"aliases": [
"CVE-2021-28040"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-05T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.",
"id": "GHSA-87rm-8q5w-499g",
"modified": "2022-05-24T17:43:48Z",
"published": "2022-05-24T17:43:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28040"
},
{
"type": "WEB",
"url": "https://github.com/ossec/ossec-hids/issues/1953"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8C28-5MP7-V24H
Vulnerability from github – Published: 2022-12-13 17:02 – Updated: 2022-12-13 17:02Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded.
This vulnerability is very similar, but not identical, to the one described in TYPO3-CORE-SA-2021-005 (CVE-2021-21359).
Solution
Update to TYPO3 versions 9.5.38 ELTS, 10.4.33 or 11.5.20 that fix the problem described above.
References
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.5.38"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.33"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.20"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.33"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-23500"
],
"database_specific": {
"cwe_ids": [
"CWE-405",
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-13T17:02:09Z",
"nvd_published_at": "2022-12-14T08:15:00Z",
"severity": "MODERATE"
},
"details": "### Problem\nRequesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded.\n\nThis vulnerability is very similar, but not identical, to the one described in [TYPO3-CORE-SA-2021-005](https://typo3.org/security/advisory/typo3-core-sa-2021-005) (CVE-2021-21359).\n\n### Solution\nUpdate to TYPO3 versions 9.5.38 ELTS, 10.4.33 or 11.5.20 that fix the problem described above.\n\n### References\n* [TYPO3-CORE-SA-2022-012](https://typo3.org/security/advisory/typo3-core-sa-2022-012)",
"id": "GHSA-8c28-5mp7-v24h",
"modified": "2022-12-13T17:02:09Z",
"published": "2022-12-13T17:02:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23500"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/commit/1e5f44417f031c9c5a9f9d09a6a841cf89aa7b7a"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/commit/73b46b6a627093112cfca4b895a198ca5e1970b7"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23500.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3/typo3"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-012"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TYPO3 CMS vulnerable to Denial of Service in Page Error Handling"
}
GHSA-8C3Q-4M86-34F8
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2023-02-27 18:32find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
{
"affected": [],
"aliases": [
"CVE-2019-17450"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-10T17:15:00Z",
"severity": "MODERATE"
},
"details": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.",
"id": "GHSA-8c3q-4m86-34f8",
"modified": "2023-02-27T18:32:10Z",
"published": "2022-05-24T16:58:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17450"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-39"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191024-0002"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25078"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4336-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that an end condition will be reached under all logic conditions. The end condition may include checking against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.
Mitigation
Increase the stack size.
CAPEC-230: Serialized Data with Nested Payloads
Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.
CAPEC-231: Oversized Serialized Data Payloads
An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution.