CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1060 vulnerabilities reference this CWE, most recent first.
GHSA-43W5-MMXV-CPVH
Vulnerability from github – Published: 2026-03-17 16:59 – Updated: 2026-03-31 18:45In JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service (non-terminating loop, CPU exhaustion, and OutOfMemoryError) via crafted indexed form parameters (e.g., authors[1].name followed by authors[0].name).
Example
With such an application
package dosform;
import io.micronaut.http.HttpResponse;
import io.micronaut.http.MediaType;
import io.micronaut.http.annotation.Body;
import io.micronaut.http.annotation.Consumes;
import io.micronaut.http.annotation.Controller;
import io.micronaut.http.annotation.Get;
import io.micronaut.http.annotation.Post;
import io.micronaut.http.annotation.Produces;
import java.net.URI;
@Controller
class HomeController {
@Produces(MediaType.TEXT_HTML)
@Get
String index() {
return """
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form action="/submit" method="post">
<label for="firstAuthor">Fist Author</label>
<input id="firstAuthor" name="authors[0].name" type="text"/>
<label for="secondAuthor">Second Author</label>
<input id="secondAuthor" name="authors[1].name" type="text"/>
<label for="thirdAuthor">Third Author</label>
<input id="thirdAuthor" name="authors[2].name" type="text"/>
<button type="submit">Submit</button>
</form>
</body>
</html>
""";
}
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Post("/submit")
HttpResponse<?> submit(@Body Book book) {
return HttpResponse.seeOther(URI.create("/"));
}
}
package dosform;
import io.micronaut.core.annotation.Introspected;
import java.util.Objects;
@Introspected
public class Author {
private String name;
public String getName() { return name; }
public void setName(String name) { this.name = name; }
@Override
public final boolean equals(Object o) {
if (!(o instanceof Author)) return false;
Author author = (Author) o;
return Objects.equals(name, author.name);
}
@Override
public int hashCode() {
return Objects.hashCode(name);
}
@Override
public String toString() {
return "Author{" +
"name='" + name + '\'' +
'}';
}
}
package dosform;
import io.micronaut.core.annotation.Introspected;
import java.util.List;
import java.util.Objects;
@Introspected
public class Book {
private List<Author> authors;
public List<Author> getAuthors() { return authors; }
public void setAuthors(List<Author> authors) { this.authors = authors; }
@Override
public final boolean equals(Object o) {
if (!(o instanceof Book)) return false;
Book book = (Book) o;
return Objects.equals(authors, book.authors);
}
@Override
public int hashCode() {
return Objects.hashCode(authors);
}
@Override
public String toString() {
return "Book{" +
"authors=" + authors +
'}';
}
}
Sending curl -v -X POST 'http://127.0.0.1:8080/submit' -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'authors[1].name=RobertGalbraith' --data-urlencode 'authors[0].name=JKRowling' causes sustained CPU usage and unbounded memory growth (eventually OutOfMemoryError).
Patches
For Micronaut 4, the problem has been patched in micronaut-core, dependencies with group id io.micronaut, since 4.10.16.
For Micronaut 3, the problem has been patched since 3.10.5
Users upgrade to the latest version of the framework.
Workarounds
There is no way for users to fix or remediate the vulnerability without upgrading.
References
PR Fix: https://github.com/micronaut-projects/micronaut-core/pull/12410
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.micronaut:micronaut-json-core"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0-M1"
},
{
"fixed": "4.10.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.micronaut:micronaut-json-core"
},
"ranges": [
{
"events": [
{
"introduced": "3.9.0"
},
{
"fixed": "3.10.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.micronaut:micronaut-json-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33013"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-17T16:59:59Z",
"nvd_published_at": "2026-03-20T05:16:15Z",
"severity": "HIGH"
},
"details": "In `JsonBeanPropertyBinder::expandArrayToThreshold` in `io.micronaut:micronaut-json-core` before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service (non-terminating loop, CPU exhaustion, and OutOfMemoryError) via crafted indexed form parameters (e.g., `authors[1].name` followed by `authors[0].name`).\n\n### Example\n\nWith such an application\n\n```java\npackage dosform;\n\nimport io.micronaut.http.HttpResponse;\nimport io.micronaut.http.MediaType;\nimport io.micronaut.http.annotation.Body;\nimport io.micronaut.http.annotation.Consumes;\nimport io.micronaut.http.annotation.Controller;\nimport io.micronaut.http.annotation.Get;\nimport io.micronaut.http.annotation.Post;\nimport io.micronaut.http.annotation.Produces;\n\nimport java.net.URI;\n\n@Controller\nclass HomeController {\n\n @Produces(MediaType.TEXT_HTML)\n @Get\n String index() {\n return \"\"\"\n \u003c!DOCTYPE html\u003e\n \u003chtml\u003e\n \u003chead\u003e\n \u003ctitle\u003e\u003c/title\u003e\n \u003c/head\u003e\n \u003cbody\u003e\n \u003cform action=\"/submit\" method=\"post\"\u003e\n \u003clabel for=\"firstAuthor\"\u003eFist Author\u003c/label\u003e\n \u003cinput id=\"firstAuthor\" name=\"authors[0].name\" type=\"text\"/\u003e\n\n \u003clabel for=\"secondAuthor\"\u003eSecond Author\u003c/label\u003e\n \u003cinput id=\"secondAuthor\" name=\"authors[1].name\" type=\"text\"/\u003e\n \n \u003clabel for=\"thirdAuthor\"\u003eThird Author\u003c/label\u003e\n \u003cinput id=\"thirdAuthor\" name=\"authors[2].name\" type=\"text\"/\u003e\n\n \u003cbutton type=\"submit\"\u003eSubmit\u003c/button\u003e\n \u003c/form\u003e\n \n \u003c/body\u003e\n \u003c/html\u003e\n \"\"\";\n }\n\n @Consumes(MediaType.APPLICATION_FORM_URLENCODED)\n @Post(\"/submit\")\n HttpResponse\u003c?\u003e submit(@Body Book book) {\n return HttpResponse.seeOther(URI.create(\"/\"));\n }\n}\npackage dosform;\n\nimport io.micronaut.core.annotation.Introspected;\n\nimport java.util.Objects;\n\n@Introspected\npublic class Author {\n private String name;\n public String getName() { return name; }\n public void setName(String name) { this.name = name; }\n\n @Override\n public final boolean equals(Object o) {\n if (!(o instanceof Author)) return false;\n\n Author author = (Author) o;\n return Objects.equals(name, author.name);\n }\n\n @Override\n public int hashCode() {\n return Objects.hashCode(name);\n }\n\n @Override\n public String toString() {\n return \"Author{\" +\n \"name=\u0027\" + name + \u0027\\\u0027\u0027 +\n \u0027}\u0027;\n }\n}\npackage dosform;\n\nimport io.micronaut.core.annotation.Introspected;\n\nimport java.util.List;\nimport java.util.Objects;\n\n@Introspected\npublic class Book {\n private List\u003cAuthor\u003e authors;\n public List\u003cAuthor\u003e getAuthors() { return authors; }\n public void setAuthors(List\u003cAuthor\u003e authors) { this.authors = authors; }\n\n @Override\n public final boolean equals(Object o) {\n if (!(o instanceof Book)) return false;\n\n Book book = (Book) o;\n return Objects.equals(authors, book.authors);\n }\n\n @Override\n public int hashCode() {\n return Objects.hashCode(authors);\n }\n\n @Override\n public String toString() {\n return \"Book{\" +\n \"authors=\" + authors +\n \u0027}\u0027;\n }\n}\n```\n\nSending `curl -v -X POST \u0027http://127.0.0.1:8080/submit\u0027 -H \u0027Content-Type: application/x-www-form-urlencoded\u0027 --data-urlencode \u0027authors[1].name=RobertGalbraith\u0027 --data-urlencode \u0027authors[0].name=JKRowling\u0027` causes sustained CPU usage and unbounded memory growth (eventually `OutOfMemoryError`). \n\n### Patches\nFor Micronaut 4, the problem has been patched in `micronaut-core`, dependencies with group id `io.micronaut`, since [4.10.16](https://github.com/micronaut-projects/micronaut-core/releases/tag/v4.10.16).\n\nFor Micronaut 3, the problem has been patched since [3.10.5](https://github.com/micronaut-projects/micronaut-core/releases/tag/v3.10.5)\n\nUsers upgrade to the latest version of the framework. \n\n### Workarounds\nThere is no way for users to fix or remediate the vulnerability without upgrading.\n\n### References\nPR Fix: https://github.com/micronaut-projects/micronaut-core/pull/12410",
"id": "GHSA-43w5-mmxv-cpvh",
"modified": "2026-03-31T18:45:02Z",
"published": "2026-03-17T16:59:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-43w5-mmxv-cpvh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33013"
},
{
"type": "WEB",
"url": "https://github.com/micronaut-projects/micronaut-core/pull/12410"
},
{
"type": "WEB",
"url": "https://github.com/micronaut-projects/micronaut-core/commit/1afe509677c51b320041b7a2c177366d4a4deb55"
},
{
"type": "PACKAGE",
"url": "https://github.com/micronaut-projects/micronaut-core"
},
{
"type": "WEB",
"url": "https://github.com/micronaut-projects/micronaut-core/releases/tag/v3.10.5"
},
{
"type": "WEB",
"url": "https://github.com/micronaut-projects/micronaut-core/releases/tag/v4.10.16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices"
}
GHSA-45C7-642Q-QM9M
Vulnerability from github – Published: 2023-07-20 18:33 – Updated: 2024-06-25 18:31An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2023-34966"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-20T15:15:11Z",
"severity": "HIGH"
},
"details": "An infinite loop vulnerability was found in Samba\u0027s mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.",
"id": "GHSA-45c7-642q-qm9m",
"modified": "2024-06-25T18:31:20Z",
"published": "2023-07-20T18:33:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34966"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:6667"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7139"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0423"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0580"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4101"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-34966"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222793"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230731-0010"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5477"
},
{
"type": "WEB",
"url": "https://www.samba.org/samba/security/CVE-2023-34966"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45XF-WH8J-3X9P
Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30In the Linux kernel, the following vulnerability has been resolved:
f2fs: avoid infinite loop to flush node pages
xfstests/generic/475 can give EIO all the time which give an infinite loop to flush node page like below. Let's avoid it.
[16418.518551] Call Trace: [16418.518553] ? dm_submit_bio+0x48/0x400 [16418.518574] ? submit_bio_checks+0x1ac/0x5a0 [16418.525207] __submit_bio+0x1a9/0x230 [16418.525210] ? kmem_cache_alloc+0x29e/0x3c0 [16418.525223] submit_bio_noacct+0xa8/0x2b0 [16418.525226] submit_bio+0x4d/0x130 [16418.525238] __submit_bio+0x49/0x310 [f2fs] [16418.525339] ? bio_add_page+0x6a/0x90 [16418.525344] f2fs_submit_page_bio+0x134/0x1f0 [f2fs] [16418.525365] read_node_page+0x125/0x1b0 [f2fs] [16418.525388] __get_node_page.part.0+0x58/0x3f0 [f2fs] [16418.525409] __get_node_page+0x2f/0x60 [f2fs] [16418.525431] f2fs_get_dnode_of_data+0x423/0x860 [f2fs] [16418.525452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525458] ? __mod_memcg_state.part.0+0x2a/0x30 [16418.525465] ? __mod_memcg_lruvec_state+0x27/0x40 [16418.525467] ? __xa_set_mark+0x57/0x70 [16418.525472] f2fs_do_write_data_page+0x10e/0x7b0 [f2fs] [16418.525493] f2fs_write_single_data_page+0x555/0x830 [f2fs] [16418.525514] ? sysvec_apic_timer_interrupt+0x4e/0x90 [16418.525518] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525523] f2fs_write_cache_pages+0x303/0x880 [f2fs] [16418.525545] ? blk_flush_plug_list+0x47/0x100 [16418.525548] f2fs_write_data_pages+0xfd/0x320 [f2fs] [16418.525569] do_writepages+0xd5/0x210 [16418.525648] filemap_fdatawrite_wbc+0x7d/0xc0 [16418.525655] filemap_fdatawrite+0x50/0x70 [16418.525658] f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs] [16418.525679] f2fs_write_checkpoint+0x16d/0x1720 [f2fs] [16418.525699] ? ttwu_do_wakeup+0x1c/0x160 [16418.525709] ? ttwu_do_activate+0x6d/0xd0 [16418.525711] ? __wait_for_common+0x11d/0x150 [16418.525715] kill_f2fs_super+0xca/0x100 [f2fs] [16418.525733] deactivate_locked_super+0x3b/0xb0 [16418.525739] deactivate_super+0x40/0x50 [16418.525741] cleanup_mnt+0x139/0x190 [16418.525747] __cleanup_mnt+0x12/0x20 [16418.525749] task_work_run+0x6d/0xa0 [16418.525765] exit_to_user_mode_prepare+0x1ad/0x1b0 [16418.525771] syscall_exit_to_user_mode+0x27/0x50 [16418.525774] do_syscall_64+0x48/0xc0 [16418.525776] entry_SYSCALL_64_after_hwframe+0x44/0xae
{
"affected": [],
"aliases": [
"CVE-2022-49317"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: avoid infinite loop to flush node pages\n\nxfstests/generic/475 can give EIO all the time which give an infinite loop\nto flush node page like below. Let\u0027s avoid it.\n\n[16418.518551] Call Trace:\n[16418.518553] ? dm_submit_bio+0x48/0x400\n[16418.518574] ? submit_bio_checks+0x1ac/0x5a0\n[16418.525207] __submit_bio+0x1a9/0x230\n[16418.525210] ? kmem_cache_alloc+0x29e/0x3c0\n[16418.525223] submit_bio_noacct+0xa8/0x2b0\n[16418.525226] submit_bio+0x4d/0x130\n[16418.525238] __submit_bio+0x49/0x310 [f2fs]\n[16418.525339] ? bio_add_page+0x6a/0x90\n[16418.525344] f2fs_submit_page_bio+0x134/0x1f0 [f2fs]\n[16418.525365] read_node_page+0x125/0x1b0 [f2fs]\n[16418.525388] __get_node_page.part.0+0x58/0x3f0 [f2fs]\n[16418.525409] __get_node_page+0x2f/0x60 [f2fs]\n[16418.525431] f2fs_get_dnode_of_data+0x423/0x860 [f2fs]\n[16418.525452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525458] ? __mod_memcg_state.part.0+0x2a/0x30\n[16418.525465] ? __mod_memcg_lruvec_state+0x27/0x40\n[16418.525467] ? __xa_set_mark+0x57/0x70\n[16418.525472] f2fs_do_write_data_page+0x10e/0x7b0 [f2fs]\n[16418.525493] f2fs_write_single_data_page+0x555/0x830 [f2fs]\n[16418.525514] ? sysvec_apic_timer_interrupt+0x4e/0x90\n[16418.525518] ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525523] f2fs_write_cache_pages+0x303/0x880 [f2fs]\n[16418.525545] ? blk_flush_plug_list+0x47/0x100\n[16418.525548] f2fs_write_data_pages+0xfd/0x320 [f2fs]\n[16418.525569] do_writepages+0xd5/0x210\n[16418.525648] filemap_fdatawrite_wbc+0x7d/0xc0\n[16418.525655] filemap_fdatawrite+0x50/0x70\n[16418.525658] f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs]\n[16418.525679] f2fs_write_checkpoint+0x16d/0x1720 [f2fs]\n[16418.525699] ? ttwu_do_wakeup+0x1c/0x160\n[16418.525709] ? ttwu_do_activate+0x6d/0xd0\n[16418.525711] ? __wait_for_common+0x11d/0x150\n[16418.525715] kill_f2fs_super+0xca/0x100 [f2fs]\n[16418.525733] deactivate_locked_super+0x3b/0xb0\n[16418.525739] deactivate_super+0x40/0x50\n[16418.525741] cleanup_mnt+0x139/0x190\n[16418.525747] __cleanup_mnt+0x12/0x20\n[16418.525749] task_work_run+0x6d/0xa0\n[16418.525765] exit_to_user_mode_prepare+0x1ad/0x1b0\n[16418.525771] syscall_exit_to_user_mode+0x27/0x50\n[16418.525774] do_syscall_64+0x48/0xc0\n[16418.525776] entry_SYSCALL_64_after_hwframe+0x44/0xae",
"id": "GHSA-45xf-wh8j-3x9p",
"modified": "2025-03-14T00:30:51Z",
"published": "2025-03-14T00:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49317"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7b8618aa2f0f926ce85f2486ac835a85c753ca7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd47ea5d776d8b524fb6f60de3240f95603901dd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4699-632X-4VXR
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2024-04-04 03:06In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
{
"affected": [],
"aliases": [
"CVE-2019-12068"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-24T20:15:00Z",
"severity": "LOW"
},
"details": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"id": "GHSA-4699-632x-4vxr",
"modified": "2024-04-04T03:06:56Z",
"published": "2022-05-24T22:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12068"
},
{
"type": "WEB",
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"type": "WEB",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4191-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4191-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-46HJ-M8HR-C3H7
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.
{
"affected": [],
"aliases": [
"CVE-2013-2789"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-08-22T05:34:00Z",
"severity": "HIGH"
},
"details": "The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.",
"id": "GHSA-46hj-m8hr-c3h7",
"modified": "2022-05-13T01:03:51Z",
"published": "2022-05-13T01:03:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2789"
},
{
"type": "WEB",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-226-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-46HR-8MQ3-W232
Vulnerability from github – Published: 2025-11-20 15:30 – Updated: 2025-11-21 21:30Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.
{
"affected": [],
"aliases": [
"CVE-2025-41075"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-20T15:17:29Z",
"severity": "MODERATE"
},
"details": "Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin\u00a0that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.",
"id": "GHSA-46hr-8mq3-w232",
"modified": "2025-11-21T21:30:17Z",
"published": "2025-11-20T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41075"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4749-XQ6X-59V3
Vulnerability from github – Published: 2022-01-27 00:01 – Updated: 2022-02-04 00:00Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
{
"affected": [],
"aliases": [
"CVE-2022-23968"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-26T06:15:00Z",
"severity": "HIGH"
},
"details": "Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included \"believed to affect all previous and later versions as of the date of this posting\" but a 2022-01-26 vendor statement reports \"the latest versions of firmware are not vulnerable to this issue.\"",
"id": "GHSA-4749-xq6x-59v3",
"modified": "2022-02-04T00:00:46Z",
"published": "2022-01-27T00:01:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23968"
},
{
"type": "WEB",
"url": "https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-network-users-to-remotely-brick-printers"
},
{
"type": "WEB",
"url": "https://twitter.com/mqudsi/status/1485756915187695618"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-48MR-3PHH-9XCG
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:33An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."
{
"affected": [],
"aliases": [
"CVE-2017-6299"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-24T04:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c.\"",
"id": "GHSA-48mr-3phh-9xcg",
"modified": "2025-04-20T03:33:21Z",
"published": "2022-05-13T01:46:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6299"
},
{
"type": "WEB",
"url": "https://github.com/Yeraze/ytnef/pull/27"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ"
},
{
"type": "WEB",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3846"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/15/4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96423"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-48R6-G3Q9-VPCP
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-20 03:45The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
{
"affected": [],
"aliases": [
"CVE-2017-14741"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-26T02:29:00Z",
"severity": "MODERATE"
},
"details": "The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.",
"id": "GHSA-48r6-g3q9-vpcp",
"modified": "2025-04-20T03:45:53Z",
"published": "2022-05-13T01:17:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14741"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/771"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4987-5P3P-9R27
Vulnerability from github – Published: 2023-08-11 15:30 – Updated: 2023-08-18 15:47An issue was discovered in OFPBundleCtrlMsg in parser.py in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ryu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.34"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35139"
],
"database_specific": {
"cwe_ids": [
"CWE-770",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-11T22:03:55Z",
"nvd_published_at": "2023-08-11T14:15:11Z",
"severity": "HIGH"
},
"details": "An issue was discovered in `OFPBundleCtrlMsg` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).",
"id": "GHSA-4987-5p3p-9r27",
"modified": "2023-08-18T15:47:53Z",
"published": "2023-08-11T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35139"
},
{
"type": "WEB",
"url": "https://github.com/faucetsdn/ryu/issues/118"
},
{
"type": "PACKAGE",
"url": "https://github.com/faucetsdn/ryu"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "FaucetSDN Ryu Denial of Service Vulnerability"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.