CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1057 vulnerabilities reference this CWE, most recent first.
GHSA-VC27-RQ8H-9F48
Vulnerability from github – Published: 2024-11-12 03:30 – Updated: 2024-11-12 03:30A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-11097"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T02:15:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-vc27-rq8h-9f48",
"modified": "2024-11-12T03:30:48Z",
"published": "2024-11-12T03:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11097"
},
{
"type": "WEB",
"url": "https://github.com/Hacker0xone/CVE/issues/5"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.283918"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.283918"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.441237"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VC7H-CMP3-4HW5
Vulnerability from github – Published: 2022-05-24 22:01 – Updated: 2023-10-19 18:09Istio 1.3.x before 1.3.5 is vulnerable to denial of service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "istio.io/istio"
},
"ranges": [
{
"events": [
{
"introduced": "1.3.0"
},
{
"fixed": "1.3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-18817"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-19T18:09:28Z",
"nvd_published_at": "2019-11-12T14:15:00Z",
"severity": "HIGH"
},
"details": "Istio 1.3.x before 1.3.5 is vulnerable to denial of service because `continue_on_listener_filters_timeout` is set to True, a related issue to CVE-2019-18836.",
"id": "GHSA-vc7h-cmp3-4hw5",
"modified": "2023-10-19T18:09:28Z",
"published": "2022-05-24T22:01:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18817"
},
{
"type": "WEB",
"url": "https://github.com/istio/istio/issues/18229"
},
{
"type": "WEB",
"url": "https://github.com/istio/istio/issues/18229#issuecomment-553190142"
},
{
"type": "WEB",
"url": "https://github.com/istio/istio/commit/7570a1f5b56c108aed6ecfa5d2a6048f444bfb37"
},
{
"type": "PACKAGE",
"url": "https://github.com/istio/istio"
},
{
"type": "WEB",
"url": "https://istio.io/news/2019/announcing-1.3.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Istio vulnerable to denial of service"
}
GHSA-VC8P-98Q7-88HP
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.
{
"affected": [],
"aliases": [
"CVE-2020-23566"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-05T17:15:00Z",
"severity": "MODERATE"
},
"details": "Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.",
"id": "GHSA-vc8p-98q7-88hp",
"modified": "2022-05-24T19:19:48Z",
"published": "2022-05-24T19:19:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23566"
},
{
"type": "WEB",
"url": "https://github.com/KamasuOri/publicResearch/tree/master/poc/irfanview/1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VCRW-R7FP-Q5GX
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 06:30In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919
{
"affected": [],
"aliases": [
"CVE-2022-20476"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919",
"id": "GHSA-vcrw-r7fp-q5gx",
"modified": "2022-12-15T06:30:30Z",
"published": "2022-12-13T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20476"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VF6R-CGFG-Q96J
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:33It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
{
"affected": [],
"aliases": [
"CVE-2017-6056"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-17T07:59:00Z",
"severity": "HIGH"
},
"details": "It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.",
"id": "GHSA-vf6r-cgfg-q96j",
"modified": "2025-04-20T03:33:04Z",
"published": "2022-05-13T01:46:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6056"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/851304"
},
{
"type": "WEB",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=60578"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d@%3Cissues.activemq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00038.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00039.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180731-0002"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0517.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0826.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0827.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0828.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0829.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3787"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3788"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96293"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037860"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VFH9-CHGV-WFPH
Vulnerability from github – Published: 2022-07-16 00:00 – Updated: 2022-07-23 00:00Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
{
"affected": [],
"aliases": [
"CVE-2022-30634"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-15T20:15:00Z",
"severity": "HIGH"
},
"details": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes.",
"id": "GHSA-vfh9-chgv-wfph",
"modified": "2022-07-23T00:00:23Z",
"published": "2022-07-16T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30634"
},
{
"type": "WEB",
"url": "https://go.dev/cl/402257"
},
{
"type": "WEB",
"url": "https://go.dev/issue/52561"
},
{
"type": "WEB",
"url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-0477"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220915-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VFP6-JRW2-99G9
Vulnerability from github – Published: 2023-11-08 15:02 – Updated: 2023-11-08 15:02Summary
Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations.
The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead the expected number of attestations.
The vulnerable loop in Cosign starts on line 154 below: https://github.com/sigstore/cosign/blob/004443228442850fb28f248fd59765afad99b6df/pkg/cosign/fetch.go#L135-L196
The l slice is controllable by an attacker who controls the remote registry.
Many cloud-native projects consider the remote registry to be untrusted, including Crossplane, Notary and Kyverno. We consider the same to be the case for Cosign, since users are not in control of whether the registry returns the expected data.
TUF's security model labels this type of vulnerability an "Endless data attack", but an attacker could use this as a type of rollback attack, in case the user attempts to deploy a patched version of a vulnerable image; The attacker could prevent this upgrade by causing Cosign to get stuck in an infinite loop and never complete.
Mitigation
The issue can be mitigated rather simply by setting a limit to the limit of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.13.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/sigstore/cosign"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/sigstore/cosign/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46737"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-08T15:02:51Z",
"nvd_published_at": "2023-11-07T18:15:09Z",
"severity": "LOW"
},
"details": "### Summary\nCosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in `pkg/cosign.FetchAttestations`.\n\nThe attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead the expected number of attestations.\n\nThe vulnerable loop in Cosign starts on line 154 below:\nhttps://github.com/sigstore/cosign/blob/004443228442850fb28f248fd59765afad99b6df/pkg/cosign/fetch.go#L135-L196\n\nThe `l` slice is controllable by an attacker who controls the remote registry.\n\nMany cloud-native projects consider the remote registry to be untrusted, including Crossplane, Notary and Kyverno. We consider the same to be the case for Cosign, since users are not in control of whether the registry returns the expected data.\n\nTUF\u0027s security model labels this type of vulnerability an [\"Endless data attack\"](https://theupdateframework.io/security/), but an attacker could use this as a type of rollback attack, in case the user attempts to deploy a patched version of a vulnerable image; The attacker could prevent this upgrade by causing Cosign to get stuck in an infinite loop and never complete.\n\n### Mitigation\nThe issue can be mitigated rather simply by setting a limit to the limit of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack.",
"id": "GHSA-vfp6-jrw2-99g9",
"modified": "2023-11-08T15:02:51Z",
"published": "2023-11-08T15:02:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46737"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/cosign/pull/3364"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/cosign"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/cosign/releases/tag/v1.13.2"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/cosign/releases/tag/v2.2.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Cosign vulnerable to possible endless data attack from attacker-controlled registry"
}
GHSA-VFW5-HRGQ-H5WF
Vulnerability from github – Published: 2023-09-25 17:33 – Updated: 2024-05-20 19:40The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/net"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20190125091013-d26f9f9a57f3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-17846"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-09-25T17:33:10Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The html package (aka x/net/html) through 2018-09-25 in Go mishandles `\u003ctable\u003e\u003cmath\u003e\u003cselect\u003e\u003cmi\u003e\u003cselect\u003e\u003c/table\u003e`, leading to an infinite loop during an `html.Parse` call because `inSelectIM` and `inSelectInTableIM` do not comply with a specification.",
"id": "GHSA-vfw5-hrgq-h5wf",
"modified": "2024-05-20T19:40:06Z",
"published": "2023-09-25T17:33:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17846"
},
{
"type": "WEB",
"url": "https://github.com/golang/go/issues/27842"
},
{
"type": "WEB",
"url": "https://go-review.googlesource.com/c/137275"
},
{
"type": "WEB",
"url": "https://go.dev/issue/27842"
},
{
"type": "WEB",
"url": "https://go.googlesource.com/net/+/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2020-0014"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "x/net/html Vulnerable to DoS During HTML Parsing"
}
GHSA-VG2P-X98M-7MXR
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
{
"affected": [],
"aliases": [
"CVE-2020-16127"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-11T04:15:00Z",
"severity": "MODERATE"
},
"details": "An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.",
"id": "GHSA-vg2p-x98m-7mxr",
"modified": "2022-05-24T17:33:38Z",
"published": "2022-05-24T17:33:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16127"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VHC7-QGWJ-VX6V
Vulnerability from github – Published: 2026-07-01 15:35 – Updated: 2026-07-01 15:35FatFs prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
{
"affected": [],
"aliases": [
"CVE-2026-6684"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T15:17:12Z",
"severity": "MODERATE"
},
"details": "FatFs prior to R0.16 that use GPT scanning with \u0027FF_LBA64 = 1\u0027 contains an issue where an unbounded loop count derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.",
"id": "GHSA-vhc7-qgwj-vx6v",
"modified": "2026-07-01T15:35:20Z",
"published": "2026-07-01T15:35:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6684"
},
{
"type": "WEB",
"url": "https://elm-chan.org/fsw/ff"
},
{
"type": "WEB",
"url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
},
{
"type": "WEB",
"url": "https://www.runzero.com/advisories/fatfs-gpt-scan-loop-dos-cve-2026-6684"
},
{
"type": "WEB",
"url": "https://www.runzero.com/blog/fatfs-bugs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.