Common Weakness Enumeration

CWE-670

Allowed-with-Review

Always-Incorrect Control Flow Implementation

Abstraction: Class · Status: Draft

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

203 vulnerabilities reference this CWE, most recent first.

CVE-2021-0273 (GCVE-0-2021-0273)

Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 00:26
VLAI
Title
Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device's interfaces.
Summary
An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop'). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] <---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] <---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] <---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] <---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001.
CWE
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
  • CWE-670 - Always-Incorrect Control Flow Implementation
  • Denial of Service (DoS)
Assigner
References
URL Tags
https://kb.juniper.net/JSA11164 x_refsource_MISC
Impacted products
Vendor Product Version
Juniper Networks Junos OS Unaffected: unspecified , < 15.1F6, 16.1R1 (custom)
Affected: 15.1F6 , < 15.1* (custom)
Affected: 16.1R1 , < 16.1* (custom)
Affected: 17.1 , < 17.1R2-S12 (custom)
Affected: 17.2 , < 17.2R3-S4 (custom)
Affected: 17.3 , < 17.3R3-S8 (custom)
Affected: 17.4 , < 17.4R2-S10, 17.4R3-S2 (custom)
Affected: 18.1 , < 18.1R3-S10 (custom)
Affected: 18.2 , < 18.2R2-S7, 18.2R3-S3 (custom)
Affected: 18.3 , < 18.3R1-S7, 18.3R3-S2 (custom)
Affected: 18.4 , < 18.4R1-S7, 18.4R2-S4, 18.4R3-S2 (custom)
Affected: 19.1 , < 19.1R1-S5, 19.1R2-S1, 19.1R3 (custom)
Affected: 19.2 , < 19.2R1-S4, 19.2R2 (custom)
Affected: 19.3 , < 19.3R2-S3, 19.3R3 (custom)
Affected: 19.4 , < 19.4R1-S1, 19.4R2 (custom)
Create a notification for this product.
Juniper Networks Junos OS Evolved Affected: 19.4 , < 19.4R2-EVO (custom)
Create a notification for this product.
Date Public
2021-04-14 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:32:10.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1F6, 16.1R1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1*",
              "status": "affected",
              "version": "15.1F6",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "16.1R7-S8",
                  "status": "unaffected"
                }
              ],
              "lessThan": "16.1*",
              "status": "affected",
              "version": "16.1R1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1R2-S12",
              "status": "affected",
              "version": "17.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2R3-S4",
              "status": "affected",
              "version": "17.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R3-S8",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2-S10, 17.4R3-S2",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S10",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R2-S7, 18.2R3-S3",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R1-S7, 18.3R3-S2",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R1-S5, 19.1R2-S1, 19.1R3",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S4, 19.2R2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S3, 19.3R3",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R1-S1, 19.4R2",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.4R2-EVO",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "An example of an affected configuration is one where a Trio chipset line card is in use with a logical-tunnel interface set up to communicate to a second logical tunnel (LT-to-LT) interface."
        }
      ],
      "datePublic": "2021-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition (\u0027Infinite Loop\u0027). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] \u003c---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] \u003c---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] \u003c---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] \u003c---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T19:37:28.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/JSA11164"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S4, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11164",
        "defect": [
          "1478759"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device\u0027s interfaces.",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no available workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
          "ID": "CVE-2021-0273",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device\u0027s interfaces."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003e=",
                            "version_name": "15.1",
                            "version_value": "15.1F6"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003e=",
                            "version_name": "16.1",
                            "version_value": "16.1R1"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R7-S8"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "17.1",
                            "version_value": "17.1R2-S12"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "17.2",
                            "version_value": "17.2R3-S4"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S8"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2-S10, 17.4R3-S2"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S10"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R2-S7, 18.2R3-S3"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R1-S7, 18.3R3-S2"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S4, 19.2R2"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S3, 19.3R3"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S1, 19.4R2"
                          },
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "!\u003c",
                            "version_value": "15.1F6, 16.1R1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Junos OS Evolved",
                      "version": {
                        "version_data": [
                          {
                            "platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R2-EVO"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "An example of an affected configuration is one where a Trio chipset line card is in use with a logical-tunnel interface set up to communicate to a second logical tunnel (LT-to-LT) interface."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition (\u0027Infinite Loop\u0027). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] \u003c---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] \u003c---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] \u003c---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] \u003c---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-670: Always-Incorrect Control Flow Implementation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11164",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/JSA11164"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S4, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11164",
          "defect": [
            "1478759"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no available workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-0273",
    "datePublished": "2021-04-22T19:37:28.349Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:26:18.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-1914 (GCVE-0-2020-1914)

Vulnerability from cvelistv5 – Published: 2020-10-08 18:50 – Updated: 2024-08-04 06:53
VLAI
Summary
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Severity
No CVSS data available.
CWE
  • CWE-670 - Always-Incorrect Control Flow Implementation, CWE-1119: Excessive Use of Unconditional Branching
Assigner
References
Impacted products
Vendor Product Version
Facebook Hermes Affected: commit prior to b2021df620824627f5a8c96615edbd1eb7fdddfc
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:53:59.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.facebook.com/security/advisories/cve-2020-1914"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Hermes",
          "vendor": "Facebook",
          "versions": [
            {
              "status": "affected",
              "version": "commit prior to b2021df620824627f5a8c96615edbd1eb7fdddfc"
            }
          ]
        }
      ],
      "dateAssigned": "2020-10-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation, CWE-1119: Excessive Use of Unconditional Branching",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-08T18:50:11.000Z",
        "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "shortName": "facebook"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.facebook.com/security/advisories/cve-2020-1914"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assign@fb.com",
          "DATE_ASSIGNED": "2020-10-08",
          "ID": "CVE-2020-1914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Hermes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "commit prior to b2021df620824627f5a8c96615edbd1eb7fdddfc"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Facebook"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-670: Always-Incorrect Control Flow Implementation, CWE-1119: Excessive Use of Unconditional Branching"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.facebook.com/security/advisories/cve-2020-1914",
              "refsource": "CONFIRM",
              "url": "https://www.facebook.com/security/advisories/cve-2020-1914"
            },
            {
              "name": "https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc",
              "refsource": "CONFIRM",
              "url": "https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
    "assignerShortName": "facebook",
    "cveId": "CVE-2020-1914",
    "datePublished": "2020-10-08T18:50:11.000Z",
    "dateReserved": "2019-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-04T06:53:59.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-228Q-PR2F-PGHM

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2022-05-24 16:57
VLAI
Details

** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-17192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-05T02:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.",
  "id": "GHSA-228q-pr2f-pghm",
  "modified": "2022-05-24T16:57:55Z",
  "published": "2022-05-24T16:57:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17192"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1936"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=21161432"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/moxie/status/1180226374851710976"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-256G-W77V-WXMX

Vulnerability from github – Published: 2025-03-24 21:30 – Updated: 2025-03-26 15:32
VLAI
Details

An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-24T21:15:18Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct.",
  "id": "GHSA-256g-w77v-wxmx",
  "modified": "2025-03-26T15:32:36Z",
  "published": "2025-03-24T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29312"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Saber-Berserker/4e54c2aa70abab2b133ce2c2b7e91249"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2595-PF9F-6G58

Vulnerability from github – Published: 2026-03-03 09:30 – Updated: 2026-05-04 15:31
VLAI
Details

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1874"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-03T07:16:10Z",
    "severity": "HIGH"
  },
  "details": "Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.",
  "id": "GHSA-2595-pf9f-6g58",
  "modified": "2026-05-04T15:31:07Z",
  "published": "2026-03-03T09:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1874"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU93286687"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-62-01"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-021_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-26PG-G54Q-JV62

Vulnerability from github – Published: 2026-04-12 21:30 – Updated: 2026-04-12 21:30
VLAI
Details

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames to the client. This allocation would split the original workspace, and depending on the amount of prefetched data, the next fetch could perform a pipelining operation that would run out of workspace.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-12T20:16:17Z",
    "severity": "MODERATE"
  },
  "details": "Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a \"workspace overflow\" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames to the client. This allocation would split the original workspace, and depending on the amount of prefetched data, the next fetch could perform a pipelining operation that would run out of workspace.",
  "id": "GHSA-26pg-g54q-jv62",
  "modified": "2026-04-12T21:30:19Z",
  "published": "2026-04-12T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40394"
    },
    {
      "type": "WEB",
      "url": "https://docs.varnish-software.com/security/VEV00002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-27C2-9CC9-22V7

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29
VLAI
Details

An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-25603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-23T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering.",
  "id": "GHSA-27c2-9cc9-22v7",
  "modified": "2022-05-24T17:29:23Z",
  "published": "2022-05-24T17:29:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25603"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202011-06"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4769"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xen.org/xsa/advisory-340.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-27VH-H6MC-Q6G8

Vulnerability from github – Published: 2024-10-10 16:43 – Updated: 2025-08-21 04:05
VLAI
Summary
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
Details

Impact

The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one).

This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a "standard" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block.

FindAndDelete vs. removeOpcodeByData

removeOpcodeByData(script []byte, dataToRemove []byte) removes any data pushes from script that contain dataToRemove. However, FindAndDelete only removes exact matches. So for example, with script = "<data> <data||foo>" and dataToRemove = "data" btcd will remove both data pushes but Bitcoin Core's FindAndDelete only removes the first <data> push.

Patches

This has been patched in btcd version v0.24.2-beta.

References

FindAndDelete: https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/btcsuite/btcd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.24.2-beta.rc1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-38365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-10T16:43:17Z",
    "nvd_published_at": "2024-10-11T20:15:04Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core\u0027s \"FindAndDelete()\" functionality. This\nlogic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). \n\nThis consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn\u0027t return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a \"standard\" Bitcoin\ntransaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block.\n\n#### `FindAndDelete` vs. `removeOpcodeByData`\n\n`removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that *contain* `dataToRemove`. However, `FindAndDelete` only removes *exact* matches. So for example, with `script = \"\u003cdata\u003e \u003cdata||foo\u003e\"` and `dataToRemove = \"data\"` btcd will remove both data pushes but Bitcoin Core\u0027s `FindAndDelete` only removes the first `\u003cdata\u003e` push.\n\n\n### Patches\n\nThis has been patched in `btcd` version v0.24.2-beta. \n\n### References\n\n`FindAndDelete`: https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8",
  "id": "GHSA-27vh-h6mc-q6g8",
  "modified": "2025-08-21T04:05:13Z",
  "published": "2024-10-10T16:43:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38365"
    },
    {
      "type": "WEB",
      "url": "https://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5"
    },
    {
      "type": "WEB",
      "url": "https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/btcsuite/btcd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/btcsuite/btcd/releases/tag/v0.24.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "btcd did not correctly re-implement Bitcoin Core\u0027s \"FindAndDelete()\" functionality"
}

GHSA-28XX-PPPM-VQFF

Vulnerability from github – Published: 2026-04-30 18:21 – Updated: 2026-06-08 20:10
VLAI
Summary
ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction
Details

Impact

Transactions were NOT committed despite the explicit options.WithCommit flag using table service client. Because of this, clients did not commit changes to the transaction, relying on the fact that the transaction commit was successful. This led (in rare cases) to a loss of data consistency.

Patches

ydb-go-sdk contains this problem in versions from v3.104.6 to v3.134.1. The fix for this problem has been released in version v3.134.2 (https://github.com/ydb-platform/ydb-go-sdk/pull/2091).

Workarounds

1) Use explicit table.Transaction.CommitTx(ctx) instead use options.WithCommit(). 2) Use transaction retrier db.Table().DoTx(ctx, lambda) instead explicit start transaction on session. 3) Use query client db.Query().Do(ctx, lambda) with the same logic in lambda

Resources

Commit with bug https://github.com/ydb-platform/ydb-go-sdk/commit/251128a64763555d9a79ee7a131dd154c9000eb9 Commit with fix https://github.com/ydb-platform/ydb-go-sdk/commit/25dcff4c41153f1f9413512ba12999b40bf7154d

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.134.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ydb-platform/ydb-go-sdk/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.104.6"
            },
            {
              "fixed": "3.134.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-30T18:21:04Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\nTransactions were NOT committed despite the explicit `options.WithCommit` flag using table service client. Because of this, clients did not commit changes to the transaction, relying on the fact that the transaction commit was successful. This led (in rare cases) to a loss of data consistency.\n\n### Patches\n`ydb-go-sdk` contains this problem in versions from [v3.104.6](https://github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.104.6) to [v3.134.1](https://github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.134.1). The fix for this problem has been released in version [v3.134.2](https://github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.134.2) (https://github.com/ydb-platform/ydb-go-sdk/pull/2091).\n\n### Workarounds\n1) Use explicit `table.Transaction.CommitTx(ctx)` instead use `options.WithCommit()`.\n2) Use transaction retrier `db.Table().DoTx(ctx, lambda)` instead explicit start transaction on session.\n3) Use query client `db.Query().Do(ctx, lambda)` with the same logic in `lambda`\n\n### Resources\nCommit with bug https://github.com/ydb-platform/ydb-go-sdk/commit/251128a64763555d9a79ee7a131dd154c9000eb9\nCommit with fix https://github.com/ydb-platform/ydb-go-sdk/commit/25dcff4c41153f1f9413512ba12999b40bf7154d",
  "id": "GHSA-28xx-pppm-vqff",
  "modified": "2026-06-08T20:10:28Z",
  "published": "2026-04-30T18:21:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ydb-platform/ydb-go-sdk/security/advisories/GHSA-28xx-pppm-vqff"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ydb-platform/ydb-go-sdk/pull/2091"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ydb-platform/ydb-go-sdk/commit/251128a64763555d9a79ee7a131dd154c9000eb9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ydb-platform/ydb-go-sdk/commit/25dcff4c41153f1f9413512ba12999b40bf7154d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ydb-platform/ydb-go-sdk"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.104.6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.134.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.134.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ydb-go-sdk\u0027s transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction"
}

GHSA-2G8X-WXP8-JHPG

Vulnerability from github – Published: 2024-09-25 18:31 – Updated: 2024-09-25 18:31
VLAI
Details

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover.

This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670",
      "CWE-783"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-25T17:15:17Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover.  \n\n This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover.",
  "id": "GHSA-2g8x-wxp8-jhpg",
  "modified": "2024-09-25T18:31:21Z",
  "published": "2024-09-25T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20480"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.