The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
430 vulnerabilities with CWE-674
CVE-2019-6131
MEDIUM
Artifex MuPDF <1.14.0 - Memory Corruption
CVSS 5.5
CVE-2018-25282
MEDIUM
Nmap 7.70 Denial of Service via XML Entity Expansion
CVSS 6.2
CVE-2018-21232
MEDIUM
re2c < 2.0 - Uncontrolled Recursion in find_fixed_tags
CVSS 5.5
CVE-2018-4002
HIGH
CUJO Smart Firewall Firmware 7003 - Unauthenticated Denial of Service via mDNS Label Compression Pointer Handling
CVSS 7.5
CVE-2018-16452
HIGH
tcpdump < 4.9.3 - Stack Exhaustion via SMB Parser Recursion
CVSS 7.5
CVE-2018-16300
HIGH
tcpdump < 4.9.3 - Denial of Service via BGP Parser Uncontrolled Recursion
CVSS 7.5
CVE-2018-20994
HIGH
trust-dns-proto <0.5.0-alpha.3 - Info Disclosure
CVSS 7.5
CVE-2018-20993
HIGH
yaml-rust < 0.4.1 - Uncontrolled Recursion during Deserialization
CVSS 7.5
CVE-2018-20822
MEDIUM
libsass 3.5.4 - Denial of Service via Uncontrolled Recursion
CVSS 6.5
CVE-2018-20821
MEDIUM
libsass < 3.5.5 - Denial of Service via Uncontrolled Recursion in Parser
CVSS 6.5
CVE-2018-20796
HIGH
glibc < 2.29 - Uncontrolled Recursion in posix/regexec.c
CVSS 7.5
CVE-2018-18484
MEDIUM
GNU libiberty <2.31 - Use After Free
CVSS 5.5
CVE-2018-18020
LOW
qpdf 8.2.1 - Denial of Service via Recursive UnparseObject Calls
CVSS 3.3
CVE-2018-16426
MEDIUM
OpenSC <0.19.0-rc1 - Use After Free
CVSS 4.3
CVE-2018-1158
MEDIUM
Mikrotik RouterOS <6.42.7,6.40.9 - Memory Corruption
CVSS 6.5
CVE-2018-1000618
CRITICAL
EOSIO/eos > f1545dd0ae2b77580c2236fdb70ae7138d2c7168 - Buffer Overflow
CVSS 9.8
CVE-2018-11597
MEDIUM
Espruino < 1.99 - Denial of Service via Stack Exhaustion in jsparse.c
CVSS 5.5
CVE-2018-11254
MEDIUM
PoDoFo 0.9.5 - Denial of Service via Excessive Recursion in PdfPagesTree::GetPageNode()
CVSS 5.5
CVE-2018-8015
HIGH
Apache ORC 1.0.0-1.4.3 - Uncontrolled Recursion via Malformed ORC File
CVSS 7.5
CVE-2018-9996
MEDIUM
GNU libiberty <2.30 - Use After Free
CVSS 5.5
CVE-2018-9918
HIGH
qpdf < 8.0.2 - Denial of Service via Uncontrolled Recursion in QPDFObjectHandle
CVSS 7.8
CVE-2018-9138
MEDIUM
GNU libiberty <2.31 - Use After Free
CVSS 5.5
CVE-2018-0739
MEDIUM
OpenSSL 1.0.2b-1.0.2n - Denial of Service via ASN.1 Recursive Type Parsing
CVSS 6.5
CVE-2018-6544
MEDIUM
Artifex MuPDF 1.12.0 - Denial of Service via Recursive Object Stream Reference
CVSS 5.5
CVE-2018-5759
MEDIUM
Artifex MuJS < 1.0.2 - Denial of Service via Uncontrolled Recursion in Binary Expression Parsing
CVSS 5.5
Details
Vulnerabilities
430