CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1057 vulnerabilities reference this CWE, most recent first.
GHSA-RQRC-8Q8F-CP9C
Vulnerability from github – Published: 2022-04-08 18:11 – Updated: 2022-04-08 18:11A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Bond.Core.CSharp"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1469"
],
"database_specific": {
"cwe_ids": [
"CWE-434",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-08T18:11:51Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka \u0027Bond Denial of Service Vulnerability\u0027. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.",
"id": "GHSA-rqrc-8q8f-cp9c",
"modified": "2022-04-08T18:11:51Z",
"published": "2022-04-08T18:11:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1469"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/bond"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469"
},
{
"type": "WEB",
"url": "https://www.nuget.org/packages/Bond.Core.CSharp/9.0.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite loop in .Net Bond"
}
GHSA-RQXX-J33Q-88VV
Vulnerability from github – Published: 2022-05-02 03:39 – Updated: 2025-04-09 04:15smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
{
"affected": [],
"aliases": [
"CVE-2009-2906"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-10-07T18:30:00Z",
"severity": "MODERATE"
},
"details": "smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.",
"id": "GHSA-rqxx-j33q-88vv",
"modified": "2025-04-09T04:15:11Z",
"published": "2022-05-02T03:39:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2906"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1528"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1529"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2009-2906"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526645"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53575"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"type": "WEB",
"url": "http://news.samba.org/releases/3.0.37"
},
{
"type": "WEB",
"url": "http://news.samba.org/releases/3.2.15"
},
{
"type": "WEB",
"url": "http://news.samba.org/releases/3.3.8"
},
{
"type": "WEB",
"url": "http://news.samba.org/releases/3.4.2"
},
{
"type": "WEB",
"url": "http://osvdb.org/58519"
},
{
"type": "WEB",
"url": "http://samba.org/samba/security/CVE-2009-2906.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36893"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36918"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36937"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36953"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37428"
},
{
"type": "WEB",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561439"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4077"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/36573"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1022976"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-839-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/2810"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RV4C-7XGC-3X93
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
{
"affected": [],
"aliases": [
"CVE-2019-1000020"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-04T21:29:00Z",
"severity": "MODERATE"
},
"details": "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.",
"id": "GHSA-rv4c-7xgc-3x93",
"modified": "2022-05-13T01:21:42Z",
"published": "2022-05-13T01:21:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000020"
},
{
"type": "WEB",
"url": "https://github.com/libarchive/libarchive/pull/1120"
},
{
"type": "WEB",
"url": "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2298"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3698"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3884-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RV63-GQM8-9W8Q
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-07-06 19:54handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-handler"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0.Alpha1"
},
{
"fixed": "4.0.37.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-handler"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0.Beta1"
},
{
"fixed": "4.1.1.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-4970"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-06T19:54:08Z",
"nvd_published_at": "2017-04-13T14:59:00Z",
"severity": "HIGH"
},
"details": "handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).",
"id": "GHSA-rv63-gqm8-9w8q",
"modified": "2022-07-06T19:54:08Z",
"published": "2022-05-13T01:11:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4970"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/pull/5364"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"type": "WEB",
"url": "http://netty.io/news/2016/06/07/4-0-37-Final.html"
},
{
"type": "WEB",
"url": "http://netty.io/news/2016/06/07/4-1-1-Final.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1097.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Loop with Unreachable Exit Condition in Netty"
}
GHSA-RV83-GXHH-G4JR
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.
{
"affected": [],
"aliases": [
"CVE-2018-7332"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T22:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.",
"id": "GHSA-rv83-gxhh-g4jr",
"modified": "2022-05-13T01:53:22Z",
"published": "2022-05-13T01:53:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7332"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RV95-4WXJ-6FQQ
Vulnerability from github – Published: 2019-02-07 18:18 – Updated: 2024-09-13 14:26In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "colander"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-18361"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:55:55Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.",
"id": "GHSA-rv95-4wxj-6fqq",
"modified": "2024-09-13T14:26:33Z",
"published": "2019-02-07T18:18:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18361"
},
{
"type": "WEB",
"url": "https://github.com/Pylons/colander/issues/290"
},
{
"type": "WEB",
"url": "https://github.com/Pylons/colander/pull/323"
},
{
"type": "WEB",
"url": "https://github.com/Pylons/colander/commit/98805557c10ab5ff3016ed09aa2d48c49b9df40b"
},
{
"type": "PACKAGE",
"url": "https://github.com/Pylons/colander"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rv95-4wxj-6fqq"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/colander/PYSEC-2019-167.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Pylons Colander Denial of Service vulnerability"
}
GHSA-RVQR-F374-3QQW
Vulnerability from github – Published: 2022-05-02 03:23 – Updated: 2022-05-02 03:23libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
{
"affected": [],
"aliases": [
"CVE-2009-1270"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-04-08T16:30:00Z",
"severity": "HIGH"
},
"details": "libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.",
"id": "GHSA-rvqr-f374-3qqw",
"modified": "2022-05-02T03:23:15Z",
"published": "2022-05-02T03:23:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1270"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49846"
},
{
"type": "WEB",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/53461"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34716"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36701"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3865"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1771"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:097"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/04/07/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/34357"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-754-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/0934"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V347-C52R-65XM
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2025-04-20 03:34The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
{
"affected": [],
"aliases": [
"CVE-2017-5973"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-27T15:59:00Z",
"severity": "MODERATE"
},
"details": "The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.",
"id": "GHSA-v347-c52r-65xm",
"modified": "2025-04-20T03:34:50Z",
"published": "2022-05-13T01:07:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5973"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421626"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"type": "WEB",
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b"
},
{
"type": "WEB",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/13/11"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96220"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V3Q7-57MP-77XP
Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
{
"affected": [],
"aliases": [
"CVE-2020-15466"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-05T11:15:00Z",
"severity": "MODERATE"
},
"details": "In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.",
"id": "GHSA-v3q7-57mp-77xp",
"modified": "2022-05-24T17:22:23Z",
"published": "2022-05-24T17:22:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15466"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-13"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-09.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00038.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V456-CHPW-6MMW
Vulnerability from github – Published: 2022-08-10 00:00 – Updated: 2022-08-18 19:15It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "apache-avro"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35724"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-18T19:15:54Z",
"nvd_published_at": "2022-08-09T07:15:00Z",
"severity": "HIGH"
},
"details": "It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.",
"id": "GHSA-v456-chpw-6mmw",
"modified": "2022-08-18T19:15:54Z",
"published": "2022-08-10T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35724"
},
{
"type": "PACKAGE",
"url": "https://github.com/a0x8o/avro"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/771z1nwrpkn1ovmyfb2fm65mchdxgy7p"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.