CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1057 vulnerabilities reference this CWE, most recent first.
CVE-2017-2670 (GCVE-0-2017-2670)
Vulnerability from cvelistv5 – Published: 2018-07-27 15:00 – Updated: 2024-08-05 14:02| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:1411 | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2017-1409.html | vendor-advisoryx_refsource_REDHAT |
| https://www.debian.org/security/2017/dsa-3906 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2017:3458 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:1410 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:1412 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:3455 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:3456 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:3454 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/98965 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:06.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
"name": "RHSA-2017:1409",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
"name": "DSA-3906",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3906"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:1410",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
"name": "RHSA-2017:1412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "98965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98965"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "undertow",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "1.3.28.Final-redhat-4"
}
]
}
],
"datePublic": "2017-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:1411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
"name": "RHSA-2017:1409",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
"name": "DSA-3906",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3906"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:1410",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
"name": "RHSA-2017:1412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "98965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98965"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_value": "1.3.28.Final-redhat-4"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1411",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
"name": "RHSA-2017:1409",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
"name": "DSA-3906",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3906"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:1410",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
"name": "RHSA-2017:1412",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "98965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98965"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2670",
"datePublished": "2018-07-27T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:02:06.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2646 (GCVE-0-2017-2646)
Vulnerability from cvelistv5 – Published: 2018-07-27 18:00 – Updated: 2024-08-05 14:02| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96882 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646"
},
{
"name": "96882",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96882"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "keycloak",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "2.5.5"
}
]
}
],
"datePublic": "2018-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646"
},
{
"name": "96882",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96882"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "2.5.5"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646"
},
{
"name": "96882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96882"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2646",
"datePublished": "2018-07-27T18:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:02:07.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9581 (GCVE-0-2016-9581)
Vulnerability from cvelistv5 – Published: 2018-08-01 14:00 – Updated: 2024-08-06 02:59| URL | Tags |
|---|---|
| https://github.com/uclouvain/openjpeg/issues/872 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201710-26 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/94822 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://github.com/szukw000/openjpeg/commit/cadff… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| The OpenJPEG Project | openjpeg2 |
Affected:
2.1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/uclouvain/openjpeg/issues/872"
},
{
"name": "GLSA-201710-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "94822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94822"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openjpeg2",
"vendor": "The OpenJPEG Project",
"versions": [
{
"status": "affected",
"version": "2.1.2"
}
]
}
],
"datePublic": "2016-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-02T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/uclouvain/openjpeg/issues/872"
},
{
"name": "GLSA-201710-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "94822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94822"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9581",
"datePublished": "2018-08-01T14:00:00.000Z",
"dateReserved": "2016-11-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:59:03.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-10103 (GCVE-0-2015-10103)
Vulnerability from cvelistv5 – Published: 2023-04-17 19:00 – Updated: 2024-08-06 08:58- CWE-835 - Infinite Loop
| URL | Tags |
|---|---|
| https://vuldb.com/?id.226119 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.226119 | signaturepermissions-required |
| https://github.com/InternalError503/forget-it/com… | patch |
| https://github.com/InternalError503/forget-it/rel… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| InternalError503 | Forget It |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.226119"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.226119"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/InternalError503/forget-it/commit/adf0c7fd59b9c935b4fd675c556265620124999c"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/InternalError503/forget-it/releases/tag/1.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forget It",
"vendor": "InternalError503",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The patch is named adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in InternalError503 Forget It bis 1.3 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei js/settings.js. Durch die Manipulation des Arguments setForgetTime mit der Eingabe 0 mit unbekannten Daten kann eine infinite loop-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Ein Aktualisieren auf die Version 1.4 vermag dieses Problem zu l\u00f6sen. Der Patch wird als adf0c7fd59b9c935b4fd675c556265620124999c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Infinite Loop",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T09:24:30.865Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.226119"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.226119"
},
{
"tags": [
"patch"
],
"url": "https://github.com/InternalError503/forget-it/commit/adf0c7fd59b9c935b4fd675c556265620124999c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/InternalError503/forget-it/releases/tag/1.4"
}
],
"timeline": [
{
"lang": "en",
"time": "2015-10-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2015-10-11T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2023-04-15T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-04-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-05-05T10:16:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "InternalError503 Forget It settings.js infinite loop"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10103",
"datePublished": "2023-04-17T19:00:05.418Z",
"dateReserved": "2023-04-15T20:51:31.142Z",
"dateUpdated": "2024-08-06T08:58:26.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-22GX-4XV7-XWJG
Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2024-11595"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-21T11:15:32Z",
"severity": "MODERATE"
},
"details": "FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-22gx-4xv7-xwjg",
"modified": "2025-05-07T18:30:40Z",
"published": "2025-05-07T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11595"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20176"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2024-14.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-237F-MXRR-MCVR
Vulnerability from github – Published: 2026-01-27 09:30 – Updated: 2026-01-27 09:30Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in datavane tis (tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules). This vulnerability is associated with program files ChangeDomainAction.Java.
This issue affects tis: before v4.3.0.
{
"affected": [],
"aliases": [
"CVE-2026-24816"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T09:15:52Z",
"severity": "CRITICAL"
},
"details": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in datavane tis (tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules). This vulnerability is associated with program files ChangeDomainAction.Java.\n\nThis issue affects tis: before v4.3.0.",
"id": "GHSA-237f-mxrr-mcvr",
"modified": "2026-01-27T09:30:30Z",
"published": "2026-01-27T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24816"
},
{
"type": "WEB",
"url": "https://github.com/datavane/tis/pull/444"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Red",
"type": "CVSS_V4"
}
]
}
GHSA-2396-H4JP-VPJG
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
{
"affected": [],
"aliases": [
"CVE-2018-10546"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-29T21:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.",
"id": "GHSA-2396-h4jp-vpjg",
"modified": "2022-05-13T01:48:49Z",
"published": "2022-05-13T01:48:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10546"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=76249"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201812-01"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180607-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3646-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4240"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2018-12"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-7.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104019"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040807"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-23P4-XXGC-XQVF
Vulnerability from github – Published: 2024-01-24 18:31 – Updated: 2025-06-20 21:31An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.
{
"affected": [],
"aliases": [
"CVE-2021-42143"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-24T18:15:08Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.",
"id": "GHSA-23p4-xxgc-xqvf",
"modified": "2025-06-20T21:31:53Z",
"published": "2024-01-24T18:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42143"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2024/Jan/16"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-245W-HX5R-X6JQ
Vulnerability from github – Published: 2025-05-29 15:31 – Updated: 2025-05-30 15:30tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
{
"affected": [],
"aliases": [
"CVE-2024-22654"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-29T15:15:29Z",
"severity": "HIGH"
},
"details": "tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.",
"id": "GHSA-245w-hx5r-x6jq",
"modified": "2025-05-30T15:30:30Z",
"published": "2025-05-29T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22654"
},
{
"type": "WEB",
"url": "https://github.com/appneta/tcpreplay/issues/827"
},
{
"type": "WEB",
"url": "https://gist.github.com/TimChan2001/4f25915b9952e8e3453db5cf72185b88"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-24M2-RCHH-H2MX
Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-07-08 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Reject empty multisync extension to prevent infinite loop
v3d_get_extensions() walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a self-referential extension (ext->next == &ext) with zero in_sync_count and out_sync_count, which bypasses the existing duplicate- extension guard:
if (se->in_sync_count || se->out_sync_count)
return -EINVAL;
The guard never fires because v3d_get_multisync_post_deps() returns immediately when count is zero, leaving both fields at zero on every iteration. The result is an infinite loop in kernel context, blocking the calling thread and pegging a CPU core indefinitely.
Fix this by rejecting a multisync extension where both in_sync_count and out_sync_count are zero in v3d_get_multisync_submit_deps(). An empty multisync carries no synchronization information and serves no useful purpose, so returning -EINVAL for such an extension is the correct defense against this attack vector.
{
"affected": [],
"aliases": [
"CVE-2026-46314"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T17:16:50Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Reject empty multisync extension to prevent infinite loop\n\nv3d_get_extensions() walks a userspace-provided singly-linked list of\nioctl extensions without any bound on the chain length. A local user\ncan craft a self-referential extension (ext-\u003enext == \u0026ext) with zero\nin_sync_count and out_sync_count, which bypasses the existing duplicate-\nextension guard:\n\n if (se-\u003ein_sync_count || se-\u003eout_sync_count)\n return -EINVAL;\n\nThe guard never fires because v3d_get_multisync_post_deps() returns\nimmediately when count is zero, leaving both fields at zero on every\niteration. The result is an infinite loop in kernel context, blocking\nthe calling thread and pegging a CPU core indefinitely.\n\nFix this by rejecting a multisync extension where both in_sync_count\nand out_sync_count are zero in v3d_get_multisync_submit_deps(). An\nempty multisync carries no synchronization information and serves no\nuseful purpose, so returning -EINVAL for such an extension is the\ncorrect defense against this attack vector.",
"id": "GHSA-24m2-rchh-h2mx",
"modified": "2026-07-08T15:31:37Z",
"published": "2026-06-08T18:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46314"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/309abbddeca0c12714721928a819ef45e5710998"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4fa42a249e8cd6ed17aea04e5695b6e9001f2433"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c5164781cb388d219d8f49fa0f0b04cf86ad544"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb44d589bf3148e13452185a6e772a7efbf2d684"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.