How severe is CVE-2024-2965?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2024-2965?

This is classified as CWE-674, which is a common weakness in software security.

CVE-2024-2965 - MEDIUM Severity | CVSS 4.2

Vulnerability Description

A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.

Related Vulnerabilities

CVE-2018-16426

MEDIUM

CVSS:4.3(Medium)

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards...

CWE-6742018

CVE-2022-28201

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwi...

CWE-6742022

CVE-2024-54731

MEDIUM

CVSS:4.0(Medium)

cpdf through 2.8 allows stack consumption via a crafted PDF document.

CWE-6742024

CVE-2018-18020

LOW

CVSS:3.3(Low)

In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a c...

CWE-6742018

CVE-2025-43708

LOW

CVSS:3.3(Low)

VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insec...

CWE-6742025

CVE-2018-4002

MEDIUM

CVSS:5.3(Medium)

An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label c...

CWE-6742018