CVE-2023-52079

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-674
View all →

Vulnerability Description

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

Related Vulnerabilities

CVE-2017-0886

MEDIUM
CVSS:6.5(Medium)

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the applicati...

CWE-6742017

CVE-2017-10910

MEDIUM
CVSS:6.5(Medium)

MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.

CWE-6742017

CVE-2017-16419

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. Th...

CWE-6742017

CVE-2018-0739

MEDIUM
CVSS:6.5(Medium)

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of S...

CWE-6742018

CVE-2018-1158

MEDIUM
CVSS:6.5(Medium)

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.

CWE-6742018

CVE-2018-20821

MEDIUM
CVSS:6.5(Medium)

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

CWE-6742018