Common Weakness Enumeration

CWE-674

Allowed-with-Review

Uncontrolled Recursion

Abstraction: Class · Status: Draft

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

615 vulnerabilities reference this CWE, most recent first.

GHSA-FP46-48V5-9HQR

Vulnerability from github – Published: 2023-10-31 03:31 – Updated: 2023-11-08 03:30
VLAI
Details

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-31T01:15:07Z",
    "severity": "MODERATE"
  },
  "details": "MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.",
  "id": "GHSA-fp46-48v5-9hqr",
  "modified": "2023-11-08T03:30:32Z",
  "published": "2023-10-31T03:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31794"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=706506"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/spookhorror/c770d118767b1b0d89fdfe2845169d06"
    },
    {
      "type": "WEB",
      "url": "https://git.ghostscript.com/?p=mupdf.git%3Bh=c0015401693b58e2deb5d75c39f27bc1216e47c6"
    },
    {
      "type": "WEB",
      "url": "https://git.ghostscript.com/?p=mupdf.git;h=c0015401693b58e2deb5d75c39f27bc1216e47c6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FP7F-J7QV-4QWW

Vulnerability from github – Published: 2026-07-06 03:30 – Updated: 2026-07-06 21:30
VLAI
Details

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder.

The pure-Perl decode path (_decode_value dispatching to _decode_array and _decode_object) recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory.

This path is the default when Cpanel::JSON::XS is not installed or MOJO_NO_JSON_XS=1 is set; the Cpanel::JSON::XS fast path is not affected.

Any caller that decodes an untrusted JSON body, for example Mojo::Message::json reached through $c->req->json, can exhaust process memory and cause denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-06T02:16:21Z",
    "severity": "MODERATE"
  },
  "details": "Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder.\n\nThe pure-Perl decode path (`_decode_value` dispatching to `_decode_array` and `_decode_object`) recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory.\n\nThis path is the default when Cpanel::JSON::XS is not installed or `MOJO_NO_JSON_XS=1` is set; the Cpanel::JSON::XS fast path is not affected.\n\nAny caller that decodes an untrusted JSON body, for example `Mojo::Message::json` reached through `$c-\u003ereq-\u003ejson`, can exhaust process memory and cause denial of service.",
  "id": "GHSA-fp7f-j7qv-4qww",
  "modified": "2026-07-06T21:30:34Z",
  "published": "2026-07-06T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mojolicious/mojo/commit/cc38b0554275c4d84f6b8b49bcbbc1bec2068fe1.patch"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/SRI/Mojolicious-9.47/changes"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/07/06/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FV3G-CJHX-6P3X

Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 15:30
VLAI
Details

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-30T07:16:38Z",
    "severity": "MODERATE"
  },
  "details": "BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
  "id": "GHSA-fv3g-cjhx-6p3x",
  "modified": "2026-04-30T15:30:38Z",
  "published": "2026-04-30T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5408"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/21067"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21067"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2026-09.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FVJ4-FM65-5PQM

Vulnerability from github – Published: 2022-09-16 00:00 – Updated: 2022-09-20 00:00
VLAI
Details

XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-15T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.",
  "id": "GHSA-fvj4-fm65-5pqm",
  "modified": "2022-09-20T00:00:29Z",
  "published": "2022-09-16T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38334"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42122"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42314\u0026p=43872"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FWFG-5HQV-4R78

Vulnerability from github – Published: 2022-11-01 19:00 – Updated: 2022-11-03 19:00
VLAI
Details

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-01T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.",
  "id": "GHSA-fwfg-5hqv-4r78",
  "modified": "2022-11-03T19:00:27Z",
  "published": "2022-11-01T19:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42321"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202402-07"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5272"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-418.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/11/01/8"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-418.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FWVM-GGF6-2P4X

Vulnerability from github – Published: 2026-04-14 00:06 – Updated: 2026-04-15 20:56
VLAI
Summary
ImageMagick has a Stack Overflow in DestroyXMLTree()
Details

Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When magick processes an XML file with deeply nested structures, it will exhaust the stack memory, resulting in a Denial of Service (DoS) attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T00:06:43Z",
    "nvd_published_at": "2026-04-13T22:16:28Z",
    "severity": "HIGH"
  },
  "details": "Magick frees the memory of the XML tree via the `DestroyXMLTree` function; however, this process is executed recursively with no depth limit imposed. When magick processes an XML file with deeply nested structures, it will exhaust the stack memory, resulting in a Denial of Service (DoS) attack.",
  "id": "GHSA-fwvm-ggf6-2p4x",
  "modified": "2026-04-15T20:56:35Z",
  "published": "2026-04-14T00:06:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33908"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ImageMagick/ImageMagick"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ImageMagick has a Stack Overflow in DestroyXMLTree()"
}

GHSA-FX2C-96VJ-985V

Vulnerability from github – Published: 2022-12-12 21:24 – Updated: 2023-01-13 17:18
VLAI
Summary
HAProxyMessageDecoder Stack Exhaustion DoS
Details

Impact

A StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.

Patches

Users should upgrade to 4.1.86.Final.

Workarounds

There is no workaround, except using a custom HaProxyMessageDecoder.

References

When parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type = PP2_TYPE_SSL and so on. The only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it is encoded in an unsigned short type. Providing a TLV with a nesting level that is large enough will lead to raising of a StackOverflowError. The StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty’s ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception / crash.

For more information

If you have any questions or comments about this advisory: * Open an issue in netty

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec-haproxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.86.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-12T21:24:29Z",
    "nvd_published_at": "2022-12-12T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.\n\n### Patches\nUsers should upgrade to 4.1.86.Final.\n\n### Workarounds\nThere is no workaround, except using a custom HaProxyMessageDecoder.\n\n### References\nWhen parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type = PP2_TYPE_SSL and so on.\nThe only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it is encoded in an unsigned short type.\nProviding a TLV with a nesting level that is large enough will lead to raising of a StackOverflowError.\nThe StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty\u2019s ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception / crash.\n\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [netty](https://github.com/netty/netty)\n",
  "id": "GHSA-fx2c-96vj-985v",
  "modified": "2023-01-13T17:18:24Z",
  "published": "2022-12-12T21:24:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230113-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5316"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "HAProxyMessageDecoder Stack Exhaustion DoS"
}

GHSA-FXP8-RW49-CF65

Vulnerability from github – Published: 2025-06-02 03:30 – Updated: 2025-06-02 18:30
VLAI
Details

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20678"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-02T03:15:25Z",
    "severity": "HIGH"
  },
  "details": "In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.",
  "id": "GHSA-fxp8-rw49-cf65",
  "modified": "2025-06-02T18:30:42Z",
  "published": "2025-06-02T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20678"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/June-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G256-87J3-GW89

Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2025-10-15 15:30
VLAI
Details

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54858"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-15T14:15:50Z",
    "severity": "HIGH"
  },
  "details": "When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd\u00a0process to terminate.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-g256-87j3-gw89",
  "modified": "2025-10-15T15:30:28Z",
  "published": "2025-10-15T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54858"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000156621"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G3HQ-JRQW-HW7W

Vulnerability from github – Published: 2023-03-30 18:30 – Updated: 2023-04-05 15:30
VLAI
Details

A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24472"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-30T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.",
  "id": "GHSA-g3hq-jrqw-hw7w",
  "modified": "2023-04-05T15:30:24Z",
  "published": "2023-03-30T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24472"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1709"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Ensure that an end condition will be reached under all logic conditions. The end condition may include checking against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.

Mitigation
Implementation

Increase the stack size.

CAPEC-230: Serialized Data with Nested Payloads

Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.

CAPEC-231: Oversized Serialized Data Payloads

An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution.