Common Weakness Enumeration

CWE-834

Discouraged

Excessive Iteration

Abstraction: Class · Status: Incomplete

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

124 vulnerabilities reference this CWE, most recent first.

GHSA-C945-CQJ5-WFV6

Vulnerability from github – Published: 2023-07-31 18:30 – Updated: 2024-06-21 21:33
VLAI
Details

Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p.

An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-606",
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-31T16:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
  "id": "GHSA-c945-cqj5-wfv6",
  "modified": "2024-06-21T21:33:53Z",
  "published": "2023-07-31T18:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202402-08"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0014"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231027-0008"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv/20230731.txt"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHVF-MX8G-HJH2

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28950"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-20T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A \"stall on CPU\" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.",
  "id": "GHSA-chvf-mx8g-hjh2",
  "modified": "2022-05-24T17:44:58Z",
  "published": "2022-05-24T17:44:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28950"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=775c5033a0d164622d9d10dd0f0a5531639ed3ed"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5096"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP8Q-FXV9-RFJ5

Vulnerability from github – Published: 2023-07-12 03:30 – Updated: 2024-04-04 06:00
VLAI
Details

An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-30226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-12T02:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file.",
  "id": "GHSA-cp8q-fxv9-rfj5",
  "modified": "2024-04-04T06:00:54Z",
  "published": "2023-07-12T03:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30226"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rizinorg/rizin/commit/a6d89de0d44e776f9bccc3a168fdc79f604e14ed"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ifyGecko/CVE-2023-30226"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CRP8-6V6M-QVRP

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43
VLAI
Details

In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-31T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large \"duration\" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.",
  "id": "GHSA-crp8-6v6m-qvrp",
  "modified": "2022-05-13T01:43:18Z",
  "published": "2022-05-13T01:43:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14059"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3996"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100631"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CRVW-8J55-4XXV

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18
VLAI
Details

An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-28T04:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.",
  "id": "GHSA-crvw-8j55-4xxv",
  "modified": "2022-05-13T01:18:56Z",
  "published": "2022-05-13T01:18:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11507"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FLIF-hub/FLIF/issues/509"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8R4-MF27-RF7M

Vulnerability from github – Published: 2025-09-30 18:30 – Updated: 2025-10-06 20:59
VLAI
Summary
Finance.js vulnerable to DoS via the IRR function’s depth parameter
Details

Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "financejs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-56571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770",
      "CWE-834"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-30T21:59:58Z",
    "nvd_published_at": "2025-09-30T16:15:52Z",
    "severity": "HIGH"
  },
  "details": "Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function\u2019s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.",
  "id": "GHSA-f8r4-mf27-rf7m",
  "modified": "2025-10-06T20:59:43Z",
  "published": "2025-09-30T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56571"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ebradyjobory/finance.js"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@nakah_/cve-2025-56571-and-cve-2025-56572-denial-of-service-vulnerabilities-in-finance-js-78f8b399f53b"
    },
    {
      "type": "WEB",
      "url": "https://raw.githack.com/ebradyjobory/finance.js/6d571ea2a86d08491ceb584e292e9b76b0a60636/finance.js"
    },
    {
      "type": "WEB",
      "url": "http://financejs.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Finance.js vulnerable to DoS via the IRR function\u2019s depth parameter"
}

GHSA-FJF3-QW96-MMW3

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9255"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-27T12:29:00Z",
    "severity": "HIGH"
  },
  "details": "The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.",
  "id": "GHSA-fjf3-qw96-mmw3",
  "modified": "2022-05-13T01:47:52Z",
  "published": "2022-05-13T01:47:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9255"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jun/32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FWF5-79MR-RPVF

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11505"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-21T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.",
  "id": "GHSA-fwf5-79mr-rpvf",
  "modified": "2022-05-13T01:42:22Z",
  "published": "2022-05-13T01:42:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11505"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/526"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867824"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8P6-P27C-52FX

Vulnerability from github – Published: 2023-11-03 09:32 – Updated: 2023-11-03 19:47
VLAI
Summary
Eclipse Parsson Denial of Service vulnerability
Details

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect.

To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.parsson:project"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            },
            {
              "fixed": "1.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.parsson:project"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-4043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-834"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-03T19:47:25Z",
    "nvd_published_at": "2023-11-03T09:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect.\n\n\nTo mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.\n\n\n",
  "id": "GHSA-g8p6-p27c-52fx",
  "modified": "2023-11-03T19:47:25Z",
  "published": "2023-11-03T09:32:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4043"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse-ee4j/parsson/pull/100"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Eclipse Parsson Denial of Service vulnerability"
}

GHSA-GM89-9QF3-7P24

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22
VLAI
Details

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-06T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.",
  "id": "GHSA-gm89-9qf3-7p24",
  "modified": "2022-05-24T17:22:25Z",
  "published": "2022-05-24T17:22:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14303"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851298;"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-15"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200709-0003"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4454-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4454-2"
    },
    {
      "type": "WEB",
      "url": "https://www.samba.org/samba/security/CVE-2020-14303.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.