Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1057 vulnerabilities reference this CWE, most recent first.

GHSA-RQRC-8Q8F-CP9C

Vulnerability from github – Published: 2022-04-08 18:11 – Updated: 2022-04-08 18:11
VLAI
Summary
Infinite loop in .Net Bond
Details

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Bond.Core.CSharp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "9.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-1469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-08T18:11:51Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka \u0027Bond Denial of Service Vulnerability\u0027. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.",
  "id": "GHSA-rqrc-8q8f-cp9c",
  "modified": "2022-04-08T18:11:51Z",
  "published": "2022-04-08T18:11:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1469"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/bond"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469"
    },
    {
      "type": "WEB",
      "url": "https://www.nuget.org/packages/Bond.Core.CSharp/9.0.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Infinite loop in .Net Bond"
}

GHSA-RQXX-J33Q-88VV

Vulnerability from github – Published: 2022-05-02 03:39 – Updated: 2025-04-09 04:15
VLAI
Details

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-2906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-10-07T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.",
  "id": "GHSA-rqxx-j33q-88vv",
  "modified": "2025-04-09T04:15:11Z",
  "published": "2022-05-02T03:39:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2906"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1528"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1529"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1585"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2009-2906"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526645"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53575"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://news.samba.org/releases/3.0.37"
    },
    {
      "type": "WEB",
      "url": "http://news.samba.org/releases/3.2.15"
    },
    {
      "type": "WEB",
      "url": "http://news.samba.org/releases/3.3.8"
    },
    {
      "type": "WEB",
      "url": "http://news.samba.org/releases/3.4.2"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/58519"
    },
    {
      "type": "WEB",
      "url": "http://samba.org/samba/security/CVE-2009-2906.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36893"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36918"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36937"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36953"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37428"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561439"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36573"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022976"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-839-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2810"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RV4C-7XGC-3X93

Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21
VLAI
Details

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1000020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-04T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.",
  "id": "GHSA-rv4c-7xgc-3x93",
  "modified": "2022-05-13T01:21:42Z",
  "published": "2022-05-13T01:21:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000020"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libarchive/libarchive/pull/1120"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2298"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3698"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3884-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV63-GQM8-9W8Q

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-07-06 19:54
VLAI
Summary
Loop with Unreachable Exit Condition in Netty
Details

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-handler"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0.Alpha1"
            },
            {
              "fixed": "4.0.37.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-handler"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0.Beta1"
            },
            {
              "fixed": "4.1.1.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-4970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T19:54:08Z",
    "nvd_published_at": "2017-04-13T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).",
  "id": "GHSA-rv63-gqm8-9w8q",
  "modified": "2022-07-06T19:54:08Z",
  "published": "2022-05-13T01:11:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4970"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/pull/5364"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144@%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://wiki.opendaylight.org/view/Security_Advisories"
    },
    {
      "type": "WEB",
      "url": "http://netty.io/news/2016/06/07/4-0-37-Final.html"
    },
    {
      "type": "WEB",
      "url": "http://netty.io/news/2016/06/07/4-1-1-Final.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-1097.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Loop with Unreachable Exit Condition in Netty"
}

GHSA-RV83-GXHH-G4JR

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53
VLAI
Details

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-23T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.",
  "id": "GHSA-rv83-gxhh-g4jr",
  "modified": "2022-05-13T01:53:22Z",
  "published": "2022-05-13T01:53:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7332"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV95-4WXJ-6FQQ

Vulnerability from github – Published: 2019-02-07 18:18 – Updated: 2024-09-13 14:26
VLAI
Summary
Pylons Colander Denial of Service vulnerability
Details

In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "colander"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-18361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:55:55Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.",
  "id": "GHSA-rv95-4wxj-6fqq",
  "modified": "2024-09-13T14:26:33Z",
  "published": "2019-02-07T18:18:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18361"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Pylons/colander/issues/290"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Pylons/colander/pull/323"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Pylons/colander/commit/98805557c10ab5ff3016ed09aa2d48c49b9df40b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Pylons/colander"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-rv95-4wxj-6fqq"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/colander/PYSEC-2019-167.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Pylons Colander Denial of Service vulnerability"
}

GHSA-RVQR-F374-3QQW

Vulnerability from github – Published: 2022-05-02 03:23 – Updated: 2022-05-02 03:23
VLAI
Details

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-08T16:30:00Z",
    "severity": "HIGH"
  },
  "details": "libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.",
  "id": "GHSA-rvqr-f374-3qqw",
  "modified": "2022-05-02T03:23:15Z",
  "published": "2022-05-02T03:23:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1270"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49846"
    },
    {
      "type": "WEB",
      "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/53461"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34716"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1771"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:097"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/04/07/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34357"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-754-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0934"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-V347-C52R-65XM

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2025-04-20 03:34
VLAI
Details

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-27T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.",
  "id": "GHSA-v347-c52r-65xm",
  "modified": "2025-04-20T03:34:50Z",
  "published": "2022-05-13T01:07:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5973"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2392"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421626"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201704-01"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/02/13/11"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96220"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V3Q7-57MP-77XP

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22
VLAI
Details

In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-05T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.",
  "id": "GHSA-v3q7-57mp-77xp",
  "modified": "2022-05-24T17:22:23Z",
  "published": "2022-05-24T17:22:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15466"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-13"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2020-09.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00038.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-V456-CHPW-6MMW

Vulnerability from github – Published: 2022-08-10 00:00 – Updated: 2022-08-18 19:15
VLAI
Summary
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
Details

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "apache-avro"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.14.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-18T19:15:54Z",
    "nvd_published_at": "2022-08-09T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.",
  "id": "GHSA-v456-chpw-6mmw",
  "modified": "2022-08-18T19:15:54Z",
  "published": "2022-08-10T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35724"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/a0x8o/avro"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/771z1nwrpkn1ovmyfb2fm65mchdxgy7p"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.