Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1057 vulnerabilities reference this CWE, most recent first.

GHSA-GXRC-XC5X-P823

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5813"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-07T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "An error within the \"parse_minolta()\" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.",
  "id": "GHSA-gxrc-xc5x-p823",
  "modified": "2022-05-13T01:13:37Z",
  "published": "2022-05-13T01:13:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5813"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibRaw/LibRaw/commit/e47384546b43d0fd536e933249047bc397a4d88b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/83050"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3838-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H25G-V6RP-RJ4H

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-26 18:33
VLAI
Details

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3900"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-25T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",
  "id": "GHSA-h25g-v6rp-rj4h",
  "modified": "2024-04-26T18:33:42Z",
  "published": "2022-05-24T16:44:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3900"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1973"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Aug/18"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Nov/11"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190517-0005"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4114-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4115-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4116-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4117-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4118-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4497"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.spinics.net/lists/kernel/msg3111012.html"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2029"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2043"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3220"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3309"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3517"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3836"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3967"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:4058"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0204"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2019-3900"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1698757"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108076"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H2CQ-P42H-RQ44

Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-07-06 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/riscv: Remove overflows on the invalidation path

Since RISC-V supports a sign extended page table it should support a gather->end of ULONG_MAX, but if this happens it will infinite loop because of the overflow.

Also avoid overflow computing the length by moving the +1 to the other side of the <

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T20:17:24Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/riscv: Remove overflows on the invalidation path\n\nSince RISC-V supports a sign extended page table it should support\na gather-\u003eend of ULONG_MAX, but if this happens it will infinite loop\nbecause of the overflow.\n\nAlso avoid overflow computing the length by moving the +1 to the other\nside of the \u003c",
  "id": "GHSA-h2cq-p42h-rq44",
  "modified": "2026-07-06T21:30:26Z",
  "published": "2026-06-26T21:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53312"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/40a13b49957937427bc23e78eb50679df4396a47"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f0632b0d4246675fa221aa1a3bffadf9c6bd9ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e4b7687784153481de45fd39fb97ba3919605c0c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H2FJ-P2F3-RMWC

Vulnerability from github – Published: 2023-05-31 00:31 – Updated: 2025-11-04 00:30
VLAI
Details

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2952"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-30T23:15:09Z",
    "severity": "MODERATE"
  },
  "details": "XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file",
  "id": "GHSA-h2fj-p2f3-rmwc",
  "modified": "2025-11-04T00:30:37Z",
  "published": "2023-05-31T00:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2952"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2952.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19100"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202309-02"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5429"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2023-20.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H2GC-758G-276M

Vulnerability from github – Published: 2026-04-21 00:32 – Updated: 2026-04-21 00:32
VLAI
Details

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-41285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T00:16:29Z",
    "severity": "MODERATE"
  },
  "details": "In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an \"nd_opt_len * 8 - 2\" expression with no preceding check for whether nd_opt_len is zero.",
  "id": "GHSA-h2gc-758g-276m",
  "modified": "2026-04-21T00:32:14Z",
  "published": "2026-04-21T00:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41285"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbsd/src/commit/086c5738bcd3c203bcc08d024fcf983cb409115f"
    },
    {
      "type": "WEB",
      "url": "https://www.openbsd.org/errata78.html"
    },
    {
      "type": "WEB",
      "url": "https://www.rfc-editor.org/rfc/rfc4861#section-4.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H436-432X-8FVX

Vulnerability from github – Published: 2019-03-14 15:41 – Updated: 2024-02-27 18:28
VLAI
Summary
Apache Commons Compress vulnerable to denial of service due to infinite loop
Details

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.commons:commons-compress"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11"
            },
            {
              "fixed": "1.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay:com.liferay.portal.tools.bundle.support"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.7"
            },
            {
              "fixed": "3.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.takari:commons-compress"
      },
      "versions": [
        "1.12"
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:38:39Z",
    "nvd_published_at": "2018-03-16T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress\u0027 extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress\u0027 zip package.",
  "id": "GHSA-h436-432x-8fvx",
  "modified": "2024-02-27T18:28:56Z",
  "published": "2019-03-14T15:41:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1324"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/commons-compress/commit/2a2f1dc48e22a34ddb72321a4db211da91aa933b"
    },
    {
      "type": "WEB",
      "url": "https://arxiv.org/pdf/2306.05534.pdf"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-h436-432x-8fvx"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/commons-compress"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jensdietrich/xshady-release/tree/main/CVE-2018-1324"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/1c7b6df6d1c5c8583518a0afa017782924918e4d6acfaf23ed5b2089@%3Cdev.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b8ef29df0f1d55aa741170748352ae8e425c7b1d286b2f257711a2dd@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5532dc8d5456b5151e8c286801e2e5769f5c04118b29c3b5d13ea387@%3Cissues.beam.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Commons Compress vulnerable to denial of service due to infinite loop"
}

GHSA-H52P-PMHH-X2JV

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-19T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).",
  "id": "GHSA-h52p-pmhh-x2jv",
  "modified": "2022-05-24T19:11:42Z",
  "published": "2022-05-24T19:11:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31400"
    },
    {
      "type": "WEB",
      "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/608209"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H552-2XRP-FMR5

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43
VLAI
Details

In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-17T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).",
  "id": "GHSA-h552-2xrp-fmr5",
  "modified": "2022-05-13T01:43:27Z",
  "published": "2022-05-13T01:43:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14519"
    },
    {
      "type": "WEB",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=102701"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4079"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H56G-VJC8-2CGW

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53
VLAI
Details

In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-04T07:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.",
  "id": "GHSA-h56g-vjc8-2cgw",
  "modified": "2022-05-13T01:53:52Z",
  "published": "2022-05-13T01:53:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9257"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2018-22.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H754-3P37-55GV

Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix loop termination condition in gss_free_in_token_pages()

The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat:

KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36288"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-21T12:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token-\u003epages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n  KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]",
  "id": "GHSA-h754-3p37-55gv",
  "modified": "2026-05-12T12:31:56Z",
  "published": "2024-06-21T12:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36288"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.