Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1057 vulnerabilities reference this CWE, most recent first.

GHSA-VC27-RQ8H-9F48

Vulnerability from github – Published: 2024-11-12 03:30 – Updated: 2024-11-12 03:30
VLAI
Details

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T02:15:17Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-vc27-rq8h-9f48",
  "modified": "2024-11-12T03:30:48Z",
  "published": "2024-11-12T03:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11097"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hacker0xone/CVE/issues/5"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.283918"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.283918"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.441237"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VC7H-CMP3-4HW5

Vulnerability from github – Published: 2022-05-24 22:01 – Updated: 2023-10-19 18:09
VLAI
Summary
Istio vulnerable to denial of service
Details

Istio 1.3.x before 1.3.5 is vulnerable to denial of service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "1.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-18817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-19T18:09:28Z",
    "nvd_published_at": "2019-11-12T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Istio 1.3.x before 1.3.5 is vulnerable to denial of service because `continue_on_listener_filters_timeout` is set to True, a related issue to CVE-2019-18836.",
  "id": "GHSA-vc7h-cmp3-4hw5",
  "modified": "2023-10-19T18:09:28Z",
  "published": "2022-05-24T22:01:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18817"
    },
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio/issues/18229"
    },
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio/issues/18229#issuecomment-553190142"
    },
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio/commit/7570a1f5b56c108aed6ecfa5d2a6048f444bfb37"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/istio/istio"
    },
    {
      "type": "WEB",
      "url": "https://istio.io/news/2019/announcing-1.3.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Istio vulnerable to denial of service"
}

GHSA-VC8P-98Q7-88HP

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-23566"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-05T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.",
  "id": "GHSA-vc8p-98q7-88hp",
  "modified": "2022-05-24T19:19:48Z",
  "published": "2022-05-24T19:19:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23566"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KamasuOri/publicResearch/tree/master/poc/irfanview/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VCRW-R7FP-Q5GX

Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 06:30
VLAI
Details

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-13T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919",
  "id": "GHSA-vcrw-r7fp-q5gx",
  "modified": "2022-12-15T06:30:30Z",
  "published": "2022-12-13T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20476"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2022-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VF6R-CGFG-Q96J

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:33
VLAI
Details

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-17T07:59:00Z",
    "severity": "HIGH"
  },
  "details": "It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.",
  "id": "GHSA-vf6r-cgfg-q96j",
  "modified": "2025-04-20T03:33:04Z",
  "published": "2022-05-13T01:46:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6056"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/851304"
    },
    {
      "type": "WEB",
      "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=60578"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d@%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-security-announce/2017/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-security-announce/2017/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180731-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0517.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0826.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0827.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0828.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0829.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3787"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3788"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96293"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037860"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VFH9-CHGV-WFPH

Vulnerability from github – Published: 2022-07-16 00:00 – Updated: 2022-07-23 00:00
VLAI
Details

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30634"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-15T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes.",
  "id": "GHSA-vfh9-chgv-wfph",
  "modified": "2022-07-23T00:00:23Z",
  "published": "2022-07-16T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30634"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/402257"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/52561"
    },
    {
      "type": "WEB",
      "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0477"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220915-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VFP6-JRW2-99G9

Vulnerability from github – Published: 2023-11-08 15:02 – Updated: 2023-11-08 15:02
VLAI
Summary
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Details

Summary

Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations.

The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead the expected number of attestations.

The vulnerable loop in Cosign starts on line 154 below: https://github.com/sigstore/cosign/blob/004443228442850fb28f248fd59765afad99b6df/pkg/cosign/fetch.go#L135-L196

The l slice is controllable by an attacker who controls the remote registry.

Many cloud-native projects consider the remote registry to be untrusted, including Crossplane, Notary and Kyverno. We consider the same to be the case for Cosign, since users are not in control of whether the registry returns the expected data.

TUF's security model labels this type of vulnerability an "Endless data attack", but an attacker could use this as a type of rollback attack, in case the user attempts to deploy a patched version of a vulnerable image; The attacker could prevent this upgrade by causing Cosign to get stuck in an infinite loop and never complete.

Mitigation

The issue can be mitigated rather simply by setting a limit to the limit of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.13.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sigstore/cosign"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sigstore/cosign/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46737"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-08T15:02:51Z",
    "nvd_published_at": "2023-11-07T18:15:09Z",
    "severity": "LOW"
  },
  "details": "### Summary\nCosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in `pkg/cosign.FetchAttestations`.\n\nThe attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead the expected number of attestations.\n\nThe vulnerable loop in Cosign starts on line 154 below:\nhttps://github.com/sigstore/cosign/blob/004443228442850fb28f248fd59765afad99b6df/pkg/cosign/fetch.go#L135-L196\n\nThe `l` slice is controllable by an attacker who controls the remote registry.\n\nMany cloud-native projects consider the remote registry to be untrusted, including Crossplane, Notary and Kyverno. We consider the same to be the case for Cosign, since users are not in control of whether the registry returns the expected data.\n\nTUF\u0027s security model labels this type of vulnerability an [\"Endless data attack\"](https://theupdateframework.io/security/), but an attacker could use this as a type of rollback attack, in case the user attempts to deploy a patched version of a vulnerable image; The attacker could prevent this upgrade by causing Cosign to get stuck in an infinite loop and never complete.\n\n### Mitigation\nThe issue can be mitigated rather simply by setting a limit to the limit of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack.",
  "id": "GHSA-vfp6-jrw2-99g9",
  "modified": "2023-11-08T15:02:51Z",
  "published": "2023-11-08T15:02:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46737"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/cosign/pull/3364"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sigstore/cosign"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/cosign/releases/tag/v1.13.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cosign vulnerable to possible endless data attack from attacker-controlled registry"
}

GHSA-VFW5-HRGQ-H5WF

Vulnerability from github – Published: 2023-09-25 17:33 – Updated: 2024-05-20 19:40
VLAI
Summary
x/net/html Vulnerable to DoS During HTML Parsing
Details

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/net"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20190125091013-d26f9f9a57f3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-17846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-25T17:33:10Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The html package (aka x/net/html) through 2018-09-25 in Go mishandles `\u003ctable\u003e\u003cmath\u003e\u003cselect\u003e\u003cmi\u003e\u003cselect\u003e\u003c/table\u003e`, leading to an infinite loop during an `html.Parse` call because `inSelectIM` and `inSelectInTableIM` do not comply with a specification.",
  "id": "GHSA-vfw5-hrgq-h5wf",
  "modified": "2024-05-20T19:40:06Z",
  "published": "2023-09-25T17:33:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17846"
    },
    {
      "type": "WEB",
      "url": "https://github.com/golang/go/issues/27842"
    },
    {
      "type": "WEB",
      "url": "https://go-review.googlesource.com/c/137275"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/27842"
    },
    {
      "type": "WEB",
      "url": "https://go.googlesource.com/net/+/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2020-0014"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "x/net/html Vulnerable to DoS During HTML Parsing"
}

GHSA-VG2P-X98M-7MXR

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33
VLAI
Details

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-11T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.",
  "id": "GHSA-vg2p-x98m-7mxr",
  "modified": "2022-05-24T17:33:38Z",
  "published": "2022-05-24T17:33:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16127"
    },
    {
      "type": "ADVISORY",
      "url": "https://securitylab.github.com/advisories/GHSL-2020-187-accountsservice-drop-privs-DOS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VHC7-QGWJ-VX6V

Vulnerability from github – Published: 2026-07-01 15:35 – Updated: 2026-07-01 15:35
VLAI
Details

FatFs prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T15:17:12Z",
    "severity": "MODERATE"
  },
  "details": "FatFs prior to R0.16 that use GPT scanning with \u0027FF_LBA64 = 1\u0027 contains an issue where an unbounded loop count derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.",
  "id": "GHSA-vhc7-qgwj-vx6v",
  "modified": "2026-07-01T15:35:20Z",
  "published": "2026-07-01T15:35:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6684"
    },
    {
      "type": "WEB",
      "url": "https://elm-chan.org/fsw/ff"
    },
    {
      "type": "WEB",
      "url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
    },
    {
      "type": "WEB",
      "url": "https://www.runzero.com/advisories/fatfs-gpt-scan-loop-dos-cve-2026-6684"
    },
    {
      "type": "WEB",
      "url": "https://www.runzero.com/blog/fatfs-bugs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.