Common Weakness Enumeration

CWE-833

Allowed

Deadlock

Abstraction: Base · Status: Incomplete

The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.

39 vulnerabilities reference this CWE, most recent first.

GHSA-J3FJ-RFH9-7J99

Vulnerability from github – Published: 2025-02-12 03:31 – Updated: 2025-02-12 03:31
VLAI
Details

Dell BSAFE SSL-J contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667",
      "CWE-833"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-12T02:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Dell BSAFE SSL-J contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.",
  "id": "GHSA-j3fj-rfh9-7j99",
  "modified": "2025-02-12T03:31:14Z",
  "published": "2025-02-12T03:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29172"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000226620/dsa-2024-221-security-update-for-dell-bsafe-ssl-j-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M24R-P59V-Q652

Vulnerability from github – Published: 2023-07-18 18:30 – Updated: 2024-04-04 06:13
VLAI
Details

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0160"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667",
      "CWE-833"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-18T17:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A deadlock flaw was found in the Linux kernel\u2019s BPF subsystem. This flaw allows a local user to potentially crash the system.",
  "id": "GHSA-m24r-p59v-q652",
  "modified": "2024-04-04T06:13:54Z",
  "published": "2023-07-18T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0160"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0160"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159764"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9QX-F7M5-X2M6

Vulnerability from github – Published: 2023-04-11 12:30 – Updated: 2024-06-11 09:30
VLAI
Details

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-833"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-11T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions \u003c V2.3.6), TIM 1531 IRC (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.",
  "id": "GHSA-m9qx-f7m5-x2m6",
  "modified": "2024-06-11T09:30:53Z",
  "published": "2023-04-11T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43767"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q286-Q7FG-G7GC

Vulnerability from github – Published: 2025-10-27 12:32 – Updated: 2025-10-27 12:32
VLAI
Details

An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-833"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-27T11:15:41Z",
    "severity": "MODERATE"
  },
  "details": "An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.",
  "id": "GHSA-q286-q7fg-g7gc",
  "modified": "2025-10-27T12:32:52Z",
  "published": "2025-10-27T12:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59463"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q9X9-MHF5-VMMM

Vulnerability from github – Published: 2025-07-29 18:30 – Updated: 2025-07-29 18:30
VLAI
Details

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2

could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-833"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-29T18:15:28Z",
    "severity": "MODERATE"
  },
  "details": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\ncould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.",
  "id": "GHSA-q9x9-mhf5-vmmm",
  "modified": "2025-07-29T18:30:36Z",
  "published": "2025-07-29T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36010"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7240951"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ9F-Q439-2574

Vulnerability from github – Published: 2025-01-02 21:31 – Updated: 2025-05-15 00:30
VLAI
Summary
Narayana deadlock via multiple join requests sent to LRA Coordinator
Details

A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jboss.narayana.rts:lra-coordinator-jar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.1.0.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-8447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-833"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-02T22:05:33Z",
    "nvd_published_at": "2025-01-02T21:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.",
  "id": "GHSA-qq9f-q439-2574",
  "modified": "2025-05-15T00:30:26Z",
  "published": "2025-01-02T21:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8447"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jbosstm/narayana/pull/2293"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jbosstm/narayana/commit/eb778412de230afc4687a2df43641280494156c5"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:3357"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:3358"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:7620"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8447"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jbosstm/narayana"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Narayana deadlock via multiple join requests sent to LRA Coordinator"
}

GHSA-WHPQ-78MQ-QCJ6

Vulnerability from github – Published: 2023-06-27 21:30 – Updated: 2024-04-04 05:13
VLAI
Details

Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667",
      "CWE-833"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-27T21:15:16Z",
    "severity": "LOW"
  },
  "details": "Xpdf 4.04 will deadlock on a PDF object stream whose \"Length\" field is itself in another object stream.\n\n",
  "id": "GHSA-whpq-78mq-qcj6",
  "modified": "2024-04-04T05:13:36Z",
  "published": "2023-06-27T21:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3436"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?t=42618"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4V6-W9V4-P32J

Vulnerability from github – Published: 2024-01-17 18:31 – Updated: 2024-01-24 21:30
VLAI
Details

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667",
      "CWE-833"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-17T16:15:47Z",
    "severity": "MODERATE"
  },
  "details": "A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel\u2019s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.",
  "id": "GHSA-x4v6-w9v4-p32j",
  "modified": "2024-01-24T21:30:32Z",
  "published": "2024-01-17T18:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0641"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0641"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258757"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XV49-PVQX-8XR6

Vulnerability from github – Published: 2022-12-05 18:30 – Updated: 2025-04-14 18:31
VLAI
Details

A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-833"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-05T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.",
  "id": "GHSA-xv49-pvqx-8xr6",
  "modified": "2025-04-14T18:31:41Z",
  "published": "2022-12-05T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4269"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230929-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5480"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-25: Forced Deadlock

The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.