Common Weakness Enumeration

CWE-674

Allowed-with-Review

Uncontrolled Recursion

Abstraction: Class · Status: Draft

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

615 vulnerabilities reference this CWE, most recent first.

GHSA-VJJ7-39VR-35R3

Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2026-03-06 18:31
VLAI
Details

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30630"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-10T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.",
  "id": "GHSA-vjj7-39vr-35r3",
  "modified": "2026-03-06T18:31:09Z",
  "published": "2022-08-11T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/417065"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/53415"
    },
    {
      "type": "WEB",
      "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0527"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VPPJ-Q42F-96W5

Vulnerability from github – Published: 2022-05-19 00:00 – Updated: 2022-05-27 00:01
VLAI
Details

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1771"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-18T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
  "id": "GHSA-vppj-q42f-96w5",
  "modified": "2022-05-27T00:01:12Z",
  "published": "2022-05-19T00:00:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1771"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VR34-263X-7Q3R

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI
Details

A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28903"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-20T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A stack overflow in libyang \u003c= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.",
  "id": "GHSA-vr34-263x-7q3r",
  "modified": "2022-05-24T19:02:50Z",
  "published": "2022-05-24T19:02:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28903"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CESNET/libyang/issues/1453"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRM3-V8W6-8742

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16419"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-09T06:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.",
  "id": "GHSA-vrm3-v8w6-8742",
  "modified": "2022-05-13T01:44:05Z",
  "published": "2022-05-13T01:44:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16419"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101817"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039791"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VVX9-XFCG-G62V

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()

target_tg_pt_gp_members_show() formats LUN paths with snprintf() into a 256-byte stack buffer, then will memcpy() cur_len bytes from that buffer. snprintf() returns the length the output would have had, which can exceed the buffer size when the fabric WWN is long because iSCSI IQN names can be up to 223 bytes. The check at the memcpy() site only guards the destination page write, not the source read, so memcpy() will read past the stack buffer and copy adjacent stack contents to the sysfs reader, which when CONFIG_FORTIFY_SOURCE is enabled, fortify_panic() will be triggered.

Commit 27e06650a5ea ("scsi: target: target_core_configfs: Add length check to avoid buffer overflow") added the same bound to the target_lu_gp_members_show() but the tg_pt_gp variant was missed so resolve that here.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:30Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()\n\ntarget_tg_pt_gp_members_show() formats LUN paths with snprintf() into a\n256-byte stack buffer, then will memcpy() cur_len bytes from that\nbuffer.  snprintf() returns the length the output would have had, which\ncan exceed the buffer size when the fabric WWN is long because iSCSI IQN\nnames can be up to 223 bytes.  The check at the memcpy() site only\nguards the destination page write, not the source read, so memcpy() will\nread past the stack buffer and copy adjacent stack contents to the sysfs\nreader, which when CONFIG_FORTIFY_SOURCE is enabled, fortify_panic()\nwill be triggered.\n\nCommit 27e06650a5ea (\"scsi: target: target_core_configfs: Add length\ncheck to avoid buffer overflow\") added the same bound to the\ntarget_lu_gp_members_show() but the tg_pt_gp variant was missed so\nresolve that here.",
  "id": "GHSA-vvx9-xfcg-g62v",
  "modified": "2026-06-01T18:31:38Z",
  "published": "2026-05-28T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46149"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/00d91bfdce5033f5d9b4915638ae9b0553848b5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12f2201a56957ba020392223a7393a5eba080c1b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f678d13e939f91840cb1ebe9b88544923539d3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/72cc5ea7ef32bb5fa38bf0dd2e56fcd73aa8c89e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/772a896a56e0e3ef9424a025cec9176f9d8f4552"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3cc9d490c207d57a289054397349f6f8c90354e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db0a4759d62cad4ff891e2d81ae4be73bb57f4a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e501154f9d82c95d2719bcbbaf679d8fd3226ef7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W239-58X2-Q8P5

Vulnerability from github – Published: 2026-05-07 02:07 – Updated: 2026-06-08 23:47
VLAI
Summary
go-ipld-prime's DAG-CBOR and DAG-JSON decoders have unbounded recursion depth
Details

The DAG-CBOR and DAG-JSON decoders recurse on each nested map or list without a depth limit. A payload containing deeply nested collections causes the decoder to recurse once per level, growing the goroutine stack until the Go runtime terminates the process with a fatal stack overflow (distinct from a recoverable panic).

For DAG-CBOR, a payload of approximately 2 MB, consisting of repeated 0x81 (array-of-1) bytes followed by a terminator, produces around 2 million recursion frames and reliably exhausts Go's default 1 GB goroutine stack. The existing allocation budget does not prevent this: each nested collection header costs only a handful of budget units, so the stack is exhausted before the budget is. DAG-JSON has equivalent exposure via [[[...]]]-style payloads; it has no budget system and is therefore unprotected against recursion depth as well.

Schema-free decoding (using basicnode.Prototype.Any) allows arbitrary nesting depth. Schema-bound decoding bounds nesting only when the schema itself is non-recursive and contains no fields typed as Any; schemas with recursive type references or any Any-typed fields permit unconstrained nesting at those points.

The fix adds a configurable MaxDepth option to both decoders, defaulting to 1024 nested levels. The decoder returns ErrDecodeDepthExceeded when a payload nests beyond the limit. Well-formed IPLD data rarely approaches this depth in practice; the default is generous for legitimate use while preventing stack exhaustion.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ipld/go-ipld-prime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.23.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42328"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T02:07:21Z",
    "nvd_published_at": "2026-05-27T18:16:22Z",
    "severity": "MODERATE"
  },
  "details": "The DAG-CBOR and DAG-JSON decoders recurse on each nested map or list without a depth limit. A payload containing deeply nested collections causes the decoder to recurse once per level, growing the goroutine stack until the Go runtime terminates the process with a fatal stack overflow (distinct from a recoverable panic).\n\nFor DAG-CBOR, a payload of approximately 2 MB, consisting of repeated `0x81` (array-of-1) bytes followed by a terminator, produces around 2 million recursion frames and reliably exhausts Go\u0027s default 1 GB goroutine stack. The existing allocation budget does not prevent this: each nested collection header costs only a handful of budget units, so the stack is exhausted before the budget is. DAG-JSON has equivalent exposure via `[[[...]]]`-style payloads; it has no budget system and is therefore unprotected against recursion depth as well.\n\nSchema-free decoding (using `basicnode.Prototype.Any`) allows arbitrary nesting depth. Schema-bound decoding bounds nesting only when the schema itself is non-recursive and contains no fields typed as `Any`; schemas with recursive type references or any `Any`-typed fields permit unconstrained nesting at those points.\n\nThe fix adds a configurable `MaxDepth` option to both decoders, defaulting to 1024 nested levels. The decoder returns `ErrDecodeDepthExceeded` when a payload nests beyond the limit. Well-formed IPLD data rarely approaches this depth in practice; the default is generous for legitimate use while preventing stack exhaustion.",
  "id": "GHSA-w239-58x2-q8p5",
  "modified": "2026-06-08T23:47:37Z",
  "published": "2026-05-07T02:07:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ipld/go-ipld-prime/security/advisories/GHSA-w239-58x2-q8p5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42328"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ipld/go-ipld-prime"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "go-ipld-prime\u0027s DAG-CBOR and DAG-JSON decoders have unbounded recursion depth"
}

GHSA-W2GJ-35CX-6H66

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-28T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.",
  "id": "GHSA-w2gj-35cx-6h66",
  "modified": "2022-05-24T19:19:09Z",
  "published": "2022-05-24T19:19:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22454"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W2PR-2387-VXGH

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-19T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records.",
  "id": "GHSA-w2pr-2387-vxgh",
  "modified": "2022-05-24T17:18:07Z",
  "published": "2022-05-24T17:18:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12662"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I"
    },
    {
      "type": "WEB",
      "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200702-0006"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4374-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4694"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_12"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html"
    },
    {
      "type": "WEB",
      "url": "http://www.nxnsattack.com"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-W3VF-7FPC-9FWW

Vulnerability from github – Published: 2021-12-08 00:00 – Updated: 2025-07-03 21:31
VLAI
Details

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.",
  "id": "GHSA-w3vf-7fpc-9fww",
  "modified": "2025-07-03T21:31:20Z",
  "published": "2021-12-08T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42717"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00042.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5023"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W5MM-9FFH-GJVJ

Vulnerability from github – Published: 2024-01-03 09:30 – Updated: 2024-01-03 09:30
VLAI
Details

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-03T08:15:11Z",
    "severity": "HIGH"
  },
  "details": "Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file",
  "id": "GHSA-w5mm-9ffh-gjvj",
  "modified": "2024-01-03T09:30:30Z",
  "published": "2024-01-03T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0210"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19504"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2024-04.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Ensure that an end condition will be reached under all logic conditions. The end condition may include checking against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.

Mitigation
Implementation

Increase the stack size.

CAPEC-230: Serialized Data with Nested Payloads

Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.

CAPEC-231: Oversized Serialized Data Payloads

An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution.