Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1060 vulnerabilities reference this CWE, most recent first.

GHSA-8PP8-7WVW-F67F

Vulnerability from github – Published: 2022-05-13 01:51 – Updated: 2022-05-13 01:51
VLAI
Details

libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20348"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-22T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.",
  "id": "GHSA-8pp8-7wvw-f67f",
  "modified": "2022-05-13T01:51:00Z",
  "published": "2022-05-13T01:51:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20348"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libyal/libpff/issues/48"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PW9-7GV3-535C

Vulnerability from github – Published: 2025-01-21 15:31 – Updated: 2026-05-12 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix the infinite loop in exfat_readdir()

If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented, causing condition 'dentry < max_dentries' unable to prevent an infinite loop.

This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs().

This commit stops traversing the cluster chain when there is unused directory entry in the cluster to avoid this infinite loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-21T13:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix the infinite loop in exfat_readdir()\n\nIf the file system is corrupted so that a cluster is linked to\nitself in the cluster chain, and there is an unused directory\nentry in the cluster, \u0027dentry\u0027 will not be incremented, causing\ncondition \u0027dentry \u003c max_dentries\u0027 unable to prevent an infinite\nloop.\n\nThis infinite loop causes s_lock not to be released, and other\ntasks will hang, such as exfat_sync_fs().\n\nThis commit stops traversing the cluster chain when there is unused\ndirectory entry in the cluster to avoid this infinite loop.",
  "id": "GHSA-8pw9-7gv3-535c",
  "modified": "2026-05-12T15:30:44Z",
  "published": "2025-01-21T15:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57940"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-503939.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28c21f0ac5293a4bf19b3e0e32005d6dd31a6c17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31beabd0f47f8c3ed9965ba861c9e5b252d4920a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d8cfbb8723bd3d3222f360227a1cc15227189ca6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d9ea94f5cd117d56e573696d0045ab3044185a15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc1d7afceb982e8f666e70a582e6b5aa806de063"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fee873761bd978d077d8c55334b4966ac4cb7b59"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8Q6Q-3849-7CM3

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46
VLAI
Details

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6014"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-17T07:59:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.",
  "id": "GHSA-8q6q-3849-7cm3",
  "modified": "2022-05-13T01:46:24Z",
  "published": "2022-05-13T01:46:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6014"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201706-12"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3811"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96284"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8QPF-FV36-H4R8

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-11-02 00:42
VLAI
Summary
Infinite Loop in Jenkins Core
Details

A Cron expression form validation could enter infinite loop, potentially resulting in denial of service. The form validation for cron expressions (e.g. "Poll SCM", "Build periodically") could enter infinite loops when cron expressions only matching certain rare dates were entered, blocking request handling threads indefinitely.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.138"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1999044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-02T00:42:37Z",
    "nvd_published_at": "2018-08-23T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A Cron expression form validation could enter infinite loop, potentially resulting in denial of service. The form validation for cron expressions (e.g. \"Poll SCM\", \"Build periodically\") could enter infinite loops when cron expressions only matching certain rare dates were entered, blocking request handling threads indefinitely.\n",
  "id": "GHSA-8qpf-fv36-h4r8",
  "modified": "2022-11-02T00:42:37Z",
  "published": "2022-05-13T01:50:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999044"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/jenkins/commit/e5046911c57e60a1d6d8aca9b21bd9093b0f3763"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-790"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Infinite Loop in Jenkins Core"
}

GHSA-8QVV-3Q23-2876

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2025-04-20 03:44
VLAI
Details

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-29T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.",
  "id": "GHSA-8qvv-3q23-2876",
  "modified": "2025-04-20T03:44:00Z",
  "published": "2022-05-13T01:09:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484274"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201804-13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8R3F-844C-MC37

Vulnerability from github – Published: 2024-03-06 00:31 – Updated: 2024-11-07 19:19
VLAI
Summary
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Details

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "google.golang.org/protobuf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.33.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "google.golang.org/protobuf/encoding/protojson"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.33.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "google.golang.org/protobuf/internal/encoding/json"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.33.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-24786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-13T21:01:28Z",
    "nvd_published_at": "2024-03-05T23:15:07Z",
    "severity": "MODERATE"
  },
  "details": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
  "id": "GHSA-8r3f-844c-mc37",
  "modified": "2024-11-07T19:19:40Z",
  "published": "2024-03-06T00:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
    },
    {
      "type": "WEB",
      "url": "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/protocolbuffers/protobuf-go"
    },
    {
      "type": "WEB",
      "url": "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/569356"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-2611"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240517-0002"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON"
}

GHSA-8W78-HR8V-FM5G

Vulnerability from github – Published: 2022-05-02 06:21 – Updated: 2022-05-02 06:21
VLAI
Details

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-1282"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-05-13T17:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.",
  "id": "GHSA-8w78-hr8v-fm5g",
  "modified": "2022-05-02T06:21:08Z",
  "published": "2022-05-02T06:21:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1282"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7388"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html"
    },
    {
      "type": "WEB",
      "url": "http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/511254/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/40088"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8WQQ-XRHR-W6MF

Vulnerability from github – Published: 2022-05-05 00:29 – Updated: 2022-10-07 18:16
VLAI
Details

perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-7488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-07T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.",
  "id": "GHSA-8wqq-xrhr-w6mf",
  "modified": "2022-10-07T18:16:21Z",
  "published": "2022-05-05T00:29:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7488"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gbarr/perl-Convert-ASN1/issues/14"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6V3PJEQOT47ZO77263XPGS3Y3AJROI4X"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONNQSW4SSKMG5RUEFZJZA5T5R2WXEGQF"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8XQW-FXRF-XJ63

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-29T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.",
  "id": "GHSA-8xqw-fxrf-xj63",
  "modified": "2022-05-13T01:27:13Z",
  "published": "2022-05-13T01:27:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18701"
    },
    {
      "type": "WEB",
      "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4326-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4336-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-923W-8GR7-5984

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-4453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-06-01T22:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.",
  "id": "GHSA-923w-8gr7-5984",
  "modified": "2022-05-13T01:26:35Z",
  "published": "2022-05-13T01:26:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4453"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201609-01"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/30/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/90928"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3047-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3047-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.