Vulnerabilities > Excessive Iteration
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-09 | CVE-2024-0842 | Excessive Iteration vulnerability in Softaculous Backuply The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. | 7.5 |
2024-02-08 | CVE-2024-25144 | Excessive Iteration vulnerability in Liferay DXP 7.2/7.3/7.4 The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame. | 6.5 |
2023-11-27 | CVE-2023-49316 | Excessive Iteration vulnerability in PHPseclib In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service. | 7.5 |
2023-11-03 | CVE-2023-4043 | Excessive Iteration vulnerability in Eclipse Parsson In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale. | 7.5 |
2023-10-18 | CVE-2023-5632 | Excessive Iteration vulnerability in Eclipse Mosquitto In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. | 7.5 |
2023-08-09 | CVE-2023-33953 | Excessive Iteration vulnerability in Grpc gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. | 7.5 |
2023-08-02 | CVE-2023-29407 | Excessive Iteration vulnerability in multiple products A maliciously-crafted image can cause excessive CPU consumption in decoding. | 6.5 |
2023-07-31 | CVE-2023-3817 | Excessive Iteration vulnerability in Openssl Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. | 5.3 |
2023-07-24 | CVE-2023-38200 | Excessive Iteration vulnerability in multiple products A flaw was found in Keylime. | 7.5 |
2023-07-12 | CVE-2023-30226 | Excessive Iteration vulnerability in Rizin An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file. | 5.5 |