The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
386 vulnerabilities with CWE-674
CVE-2025-39795
MEDIUM
Linux Kernel - Buffer Overflow
CVSS 5.5
CVE-2025-9714
MEDIUM
libxml2 <2.9.14 - Buffer Overflow
CVSS 6.2
CVE-2025-39704
MEDIUM
Linux Kernel < 6.16.4 - Buffer Overflow
CVSS 5.5
CVE-2025-57809
HIGH
XGrammar <0.1.21 - Info Disclosure
CVSS 7.5
CVE-2025-5302
HIGH
Pypi Llama-index-core < 0.12.38 - Denial of Service
CVSS 8.6
CVE-2025-38614
MEDIUM
Linux Kernel - Use After Free
CVSS 5.5
CVE-2025-24302
MEDIUM
TinyCBOR <0.6.1 - Privilege Escalation
CVSS 6.7
CVE-2025-20025
MEDIUM
TinyCBOR <0.6.1 - DoS
CVSS 4.4
CVE-2025-8732
LOW
libxml2 <2.14.5 - Uncontrolled Recursion
CVSS 3.3
CVE-2025-23325
HIGH
Nvidia Triton Inference Server < 25.05 - Denial of Service
CVSS 7.5
CVE-2025-46206
MEDIUM
Artifex mupdf <1.25.6-1.25.5 - DoS
CVSS 6.5
CVE-2025-50420
MEDIUM
freedesktop poppler <v25.04.0 - DoS
CVSS 6.5
CVE-2025-38493
MEDIUM
Linux Kernel < 6.6.100 - Buffer Overflow
CVSS 5.5
CVE-2025-38459
HIGH
Linux Kernel < 5.4.296 - Out-of-Bounds Write
CVSS 7.8
CVE-2025-48924
MEDIUM
Apache Commons Lang <3.18.0 - Uncontrolled Recursion
CVSS 5.3
CVE-2025-53864
MEDIUM
Connect2id Nimbus JOSE + JWT <10.0.2-9.37.4 - DoS
CVSS 5.8
CVE-2025-38315
MEDIUM
Linux kernel - Buffer Overflow
CVSS 5.5
CVE-2025-5472
MEDIUM
run-llama/llama_index <0.12.28 - Buffer Overflow
CVSS 6.5
CVE-2025-53605
MEDIUM
protobuf <3.7.2 - Buffer Overflow
CVSS 5.9
CVE-2025-6710
HIGH
Mongodb < 6.0.21 - Denial of Service
CVSS 7.5
CVE-2025-4565
MEDIUM
Google Protobuf-python < 4.25.8 - Denial of Service
CVSS 5.3
CVE-2025-20678
MEDIUM
Mediatek Lr12a - Denial of Service
CVSS 6.5
CVE-2025-30193
HIGH
DNSdist <1.9.10 - DoS
CVSS 7.5
CVE-2025-1752
HIGH
run-llama/llama_index ~ latest(v0.12.15 - DoS
CVSS 7.5
CVE-2025-37851
MEDIUM
Linux kernel - Info Disclosure
CVSS 5.5
Details
Vulnerabilities
386