Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-3X7H-5HFR-HVJM

Vulnerability from github – Published: 2018-10-19 16:54 – Updated: 2021-08-31 21:36
VLAI
Summary
Moderate severity vulnerability that affects io.undertow:undertow-core
Details

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.undertow:undertow-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.28"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-2670"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:56:49Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.",
  "id": "GHSA-3x7h-5hfr-hvjm",
  "modified": "2021-08-31T21:36:39Z",
  "published": "2018-10-19T16:54:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2670"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-3x7h-5hfr-hvjm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moderate severity vulnerability that affects io.undertow:undertow-core"
}

GHSA-3XPW-25QV-R984

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24
VLAI
Details

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-1186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-06-05T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.",
  "id": "GHSA-3xpw-25qv-r984",
  "modified": "2022-05-13T01:24:52Z",
  "published": "2022-05-13T01:24:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1186"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76139"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/47926"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48974"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49043"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49317"
    },
    {
      "type": "WEB",
      "url": "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1435-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2462"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/19/5"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/80555"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51957"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-433P-JX86-Q7VW

Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49
VLAI
Details

The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-13T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop.",
  "id": "GHSA-433p-jx86-q7vw",
  "modified": "2022-05-13T01:49:54Z",
  "published": "2022-05-13T01:49:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14051"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marc-q/libwav/issues/21"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fouzhe/security/tree/master/libwav"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-43MH-3PGG-2XJC

Vulnerability from github – Published: 2026-01-27 09:30 – Updated: 2026-01-27 09:30
VLAI
Details

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C.

This issue affects lede: through r25.10.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-27T09:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C.\n\nThis issue affects lede: through r25.10.1.",
  "id": "GHSA-43mh-3pgg-2xjc",
  "modified": "2026-01-27T09:30:30Z",
  "published": "2026-01-27T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coolsnowwolf/lede/pull/13346"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-43RM-FV4G-CMJ8

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-06-08 00:00
VLAI
Details

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-02T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.",
  "id": "GHSA-43rm-fv4g-cmj8",
  "modified": "2022-06-08T00:00:32Z",
  "published": "2022-05-24T19:03:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3468"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939614"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-43W5-MMXV-CPVH

Vulnerability from github – Published: 2026-03-17 16:59 – Updated: 2026-03-31 18:45
VLAI
Summary
Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices
Details

In JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service (non-terminating loop, CPU exhaustion, and OutOfMemoryError) via crafted indexed form parameters (e.g., authors[1].name followed by authors[0].name).

Example

With such an application

package dosform;

import io.micronaut.http.HttpResponse;
import io.micronaut.http.MediaType;
import io.micronaut.http.annotation.Body;
import io.micronaut.http.annotation.Consumes;
import io.micronaut.http.annotation.Controller;
import io.micronaut.http.annotation.Get;
import io.micronaut.http.annotation.Post;
import io.micronaut.http.annotation.Produces;

import java.net.URI;

@Controller
class HomeController {

    @Produces(MediaType.TEXT_HTML)
    @Get
    String index() {
        return """
                <!DOCTYPE html>
                <html>
                <head>
                <title></title>
                </head>
                <body>
    <form action="/submit" method="post">
      <label for="firstAuthor">Fist Author</label>
      <input id="firstAuthor" name="authors[0].name" type="text"/>

      <label for="secondAuthor">Second Author</label>
      <input id="secondAuthor" name="authors[1].name" type="text"/>

      <label for="thirdAuthor">Third Author</label>
      <input id="thirdAuthor" name="authors[2].name" type="text"/>

      <button type="submit">Submit</button>
    </form>

                </body>
                </html>
                """;
    }

    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    @Post("/submit")
    HttpResponse<?> submit(@Body Book book) {
        return HttpResponse.seeOther(URI.create("/"));
    }
}
package dosform;

import io.micronaut.core.annotation.Introspected;

import java.util.Objects;

@Introspected
public class Author {
    private String name;
    public String getName() { return name; }
    public void setName(String name) { this.name = name; }

    @Override
    public final boolean equals(Object o) {
        if (!(o instanceof Author)) return false;

        Author author = (Author) o;
        return Objects.equals(name, author.name);
    }

    @Override
    public int hashCode() {
        return Objects.hashCode(name);
    }

    @Override
    public String toString() {
        return "Author{" +
                "name='" + name + '\'' +
                '}';
    }
}
package dosform;

import io.micronaut.core.annotation.Introspected;

import java.util.List;
import java.util.Objects;

@Introspected
public class Book {
    private List<Author> authors;
    public List<Author> getAuthors() { return authors; }
    public void setAuthors(List<Author> authors) { this.authors = authors; }

    @Override
    public final boolean equals(Object o) {
        if (!(o instanceof Book)) return false;

        Book book = (Book) o;
        return Objects.equals(authors, book.authors);
    }

    @Override
    public int hashCode() {
        return Objects.hashCode(authors);
    }

    @Override
    public String toString() {
        return "Book{" +
                "authors=" + authors +
                '}';
    }
}

Sending curl -v -X POST 'http://127.0.0.1:8080/submit' -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'authors[1].name=RobertGalbraith' --data-urlencode 'authors[0].name=JKRowling' causes sustained CPU usage and unbounded memory growth (eventually OutOfMemoryError).

Patches

For Micronaut 4, the problem has been patched in micronaut-core, dependencies with group id io.micronaut, since 4.10.16.

For Micronaut 3, the problem has been patched since 3.10.5

Users upgrade to the latest version of the framework.

Workarounds

There is no way for users to fix or remediate the vulnerability without upgrading.

References

PR Fix: https://github.com/micronaut-projects/micronaut-core/pull/12410

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.micronaut:micronaut-json-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0-M1"
            },
            {
              "fixed": "4.10.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.micronaut:micronaut-json-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.9.0"
            },
            {
              "fixed": "3.10.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.micronaut:micronaut-json-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-17T16:59:59Z",
    "nvd_published_at": "2026-03-20T05:16:15Z",
    "severity": "HIGH"
  },
  "details": "In `JsonBeanPropertyBinder::expandArrayToThreshold` in `io.micronaut:micronaut-json-core` before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service (non-terminating loop, CPU exhaustion, and OutOfMemoryError) via crafted indexed form parameters (e.g., `authors[1].name` followed by `authors[0].name`).\n\n### Example\n\nWith such an application\n\n```java\npackage dosform;\n\nimport io.micronaut.http.HttpResponse;\nimport io.micronaut.http.MediaType;\nimport io.micronaut.http.annotation.Body;\nimport io.micronaut.http.annotation.Consumes;\nimport io.micronaut.http.annotation.Controller;\nimport io.micronaut.http.annotation.Get;\nimport io.micronaut.http.annotation.Post;\nimport io.micronaut.http.annotation.Produces;\n\nimport java.net.URI;\n\n@Controller\nclass HomeController {\n\n    @Produces(MediaType.TEXT_HTML)\n    @Get\n    String index() {\n        return \"\"\"\n                \u003c!DOCTYPE html\u003e\n                \u003chtml\u003e\n                \u003chead\u003e\n                \u003ctitle\u003e\u003c/title\u003e\n                \u003c/head\u003e\n                \u003cbody\u003e\n    \u003cform action=\"/submit\" method=\"post\"\u003e\n      \u003clabel for=\"firstAuthor\"\u003eFist Author\u003c/label\u003e\n      \u003cinput id=\"firstAuthor\" name=\"authors[0].name\" type=\"text\"/\u003e\n\n      \u003clabel for=\"secondAuthor\"\u003eSecond Author\u003c/label\u003e\n      \u003cinput id=\"secondAuthor\" name=\"authors[1].name\" type=\"text\"/\u003e\n      \n      \u003clabel for=\"thirdAuthor\"\u003eThird Author\u003c/label\u003e\n      \u003cinput id=\"thirdAuthor\" name=\"authors[2].name\" type=\"text\"/\u003e\n\n      \u003cbutton type=\"submit\"\u003eSubmit\u003c/button\u003e\n    \u003c/form\u003e\n               \n                \u003c/body\u003e\n                \u003c/html\u003e\n                \"\"\";\n    }\n\n    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)\n    @Post(\"/submit\")\n    HttpResponse\u003c?\u003e submit(@Body Book book) {\n        return HttpResponse.seeOther(URI.create(\"/\"));\n    }\n}\npackage dosform;\n\nimport io.micronaut.core.annotation.Introspected;\n\nimport java.util.Objects;\n\n@Introspected\npublic class Author {\n    private String name;\n    public String getName() { return name; }\n    public void setName(String name) { this.name = name; }\n\n    @Override\n    public final boolean equals(Object o) {\n        if (!(o instanceof Author)) return false;\n\n        Author author = (Author) o;\n        return Objects.equals(name, author.name);\n    }\n\n    @Override\n    public int hashCode() {\n        return Objects.hashCode(name);\n    }\n\n    @Override\n    public String toString() {\n        return \"Author{\" +\n                \"name=\u0027\" + name + \u0027\\\u0027\u0027 +\n                \u0027}\u0027;\n    }\n}\npackage dosform;\n\nimport io.micronaut.core.annotation.Introspected;\n\nimport java.util.List;\nimport java.util.Objects;\n\n@Introspected\npublic class Book {\n    private List\u003cAuthor\u003e authors;\n    public List\u003cAuthor\u003e getAuthors() { return authors; }\n    public void setAuthors(List\u003cAuthor\u003e authors) { this.authors = authors; }\n\n    @Override\n    public final boolean equals(Object o) {\n        if (!(o instanceof Book)) return false;\n\n        Book book = (Book) o;\n        return Objects.equals(authors, book.authors);\n    }\n\n    @Override\n    public int hashCode() {\n        return Objects.hashCode(authors);\n    }\n\n    @Override\n    public String toString() {\n        return \"Book{\" +\n                \"authors=\" + authors +\n                \u0027}\u0027;\n    }\n}\n```\n\nSending `curl -v -X POST \u0027http://127.0.0.1:8080/submit\u0027 -H \u0027Content-Type: application/x-www-form-urlencoded\u0027 --data-urlencode \u0027authors[1].name=RobertGalbraith\u0027 --data-urlencode \u0027authors[0].name=JKRowling\u0027` causes sustained CPU usage and unbounded memory growth (eventually `OutOfMemoryError`). \n\n### Patches\nFor Micronaut 4, the problem has been patched in `micronaut-core`, dependencies with group id `io.micronaut`, since [4.10.16](https://github.com/micronaut-projects/micronaut-core/releases/tag/v4.10.16).\n\nFor Micronaut 3, the problem has been patched since [3.10.5](https://github.com/micronaut-projects/micronaut-core/releases/tag/v3.10.5)\n\nUsers upgrade to the latest version of the framework. \n\n### Workarounds\nThere is no way for users to fix or remediate the vulnerability without upgrading.\n\n### References\nPR Fix: https://github.com/micronaut-projects/micronaut-core/pull/12410",
  "id": "GHSA-43w5-mmxv-cpvh",
  "modified": "2026-03-31T18:45:02Z",
  "published": "2026-03-17T16:59:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-43w5-mmxv-cpvh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33013"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/pull/12410"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/commit/1afe509677c51b320041b7a2c177366d4a4deb55"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/micronaut-projects/micronaut-core"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/releases/tag/v3.10.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/releases/tag/v4.10.16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices"
}

GHSA-45C7-642Q-QM9M

Vulnerability from github – Published: 2023-07-20 18:33 – Updated: 2024-06-25 18:31
VLAI
Details

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34966"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-20T15:15:11Z",
    "severity": "HIGH"
  },
  "details": "An infinite loop vulnerability was found in Samba\u0027s mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.",
  "id": "GHSA-45c7-642q-qm9m",
  "modified": "2024-06-25T18:31:20Z",
  "published": "2023-07-20T18:33:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34966"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6667"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7139"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:0423"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:0580"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4101"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-34966"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222793"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230731-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5477"
    },
    {
      "type": "WEB",
      "url": "https://www.samba.org/samba/security/CVE-2023-34966"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45XF-WH8J-3X9P

Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: avoid infinite loop to flush node pages

xfstests/generic/475 can give EIO all the time which give an infinite loop to flush node page like below. Let's avoid it.

[16418.518551] Call Trace: [16418.518553] ? dm_submit_bio+0x48/0x400 [16418.518574] ? submit_bio_checks+0x1ac/0x5a0 [16418.525207] __submit_bio+0x1a9/0x230 [16418.525210] ? kmem_cache_alloc+0x29e/0x3c0 [16418.525223] submit_bio_noacct+0xa8/0x2b0 [16418.525226] submit_bio+0x4d/0x130 [16418.525238] __submit_bio+0x49/0x310 [f2fs] [16418.525339] ? bio_add_page+0x6a/0x90 [16418.525344] f2fs_submit_page_bio+0x134/0x1f0 [f2fs] [16418.525365] read_node_page+0x125/0x1b0 [f2fs] [16418.525388] __get_node_page.part.0+0x58/0x3f0 [f2fs] [16418.525409] __get_node_page+0x2f/0x60 [f2fs] [16418.525431] f2fs_get_dnode_of_data+0x423/0x860 [f2fs] [16418.525452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525458] ? __mod_memcg_state.part.0+0x2a/0x30 [16418.525465] ? __mod_memcg_lruvec_state+0x27/0x40 [16418.525467] ? __xa_set_mark+0x57/0x70 [16418.525472] f2fs_do_write_data_page+0x10e/0x7b0 [f2fs] [16418.525493] f2fs_write_single_data_page+0x555/0x830 [f2fs] [16418.525514] ? sysvec_apic_timer_interrupt+0x4e/0x90 [16418.525518] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525523] f2fs_write_cache_pages+0x303/0x880 [f2fs] [16418.525545] ? blk_flush_plug_list+0x47/0x100 [16418.525548] f2fs_write_data_pages+0xfd/0x320 [f2fs] [16418.525569] do_writepages+0xd5/0x210 [16418.525648] filemap_fdatawrite_wbc+0x7d/0xc0 [16418.525655] filemap_fdatawrite+0x50/0x70 [16418.525658] f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs] [16418.525679] f2fs_write_checkpoint+0x16d/0x1720 [f2fs] [16418.525699] ? ttwu_do_wakeup+0x1c/0x160 [16418.525709] ? ttwu_do_activate+0x6d/0xd0 [16418.525711] ? __wait_for_common+0x11d/0x150 [16418.525715] kill_f2fs_super+0xca/0x100 [f2fs] [16418.525733] deactivate_locked_super+0x3b/0xb0 [16418.525739] deactivate_super+0x40/0x50 [16418.525741] cleanup_mnt+0x139/0x190 [16418.525747] __cleanup_mnt+0x12/0x20 [16418.525749] task_work_run+0x6d/0xa0 [16418.525765] exit_to_user_mode_prepare+0x1ad/0x1b0 [16418.525771] syscall_exit_to_user_mode+0x27/0x50 [16418.525774] do_syscall_64+0x48/0xc0 [16418.525776] entry_SYSCALL_64_after_hwframe+0x44/0xae

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: avoid infinite loop to flush node pages\n\nxfstests/generic/475 can give EIO all the time which give an infinite loop\nto flush node page like below. Let\u0027s avoid it.\n\n[16418.518551] Call Trace:\n[16418.518553]  ? dm_submit_bio+0x48/0x400\n[16418.518574]  ? submit_bio_checks+0x1ac/0x5a0\n[16418.525207]  __submit_bio+0x1a9/0x230\n[16418.525210]  ? kmem_cache_alloc+0x29e/0x3c0\n[16418.525223]  submit_bio_noacct+0xa8/0x2b0\n[16418.525226]  submit_bio+0x4d/0x130\n[16418.525238]  __submit_bio+0x49/0x310 [f2fs]\n[16418.525339]  ? bio_add_page+0x6a/0x90\n[16418.525344]  f2fs_submit_page_bio+0x134/0x1f0 [f2fs]\n[16418.525365]  read_node_page+0x125/0x1b0 [f2fs]\n[16418.525388]  __get_node_page.part.0+0x58/0x3f0 [f2fs]\n[16418.525409]  __get_node_page+0x2f/0x60 [f2fs]\n[16418.525431]  f2fs_get_dnode_of_data+0x423/0x860 [f2fs]\n[16418.525452]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525458]  ? __mod_memcg_state.part.0+0x2a/0x30\n[16418.525465]  ? __mod_memcg_lruvec_state+0x27/0x40\n[16418.525467]  ? __xa_set_mark+0x57/0x70\n[16418.525472]  f2fs_do_write_data_page+0x10e/0x7b0 [f2fs]\n[16418.525493]  f2fs_write_single_data_page+0x555/0x830 [f2fs]\n[16418.525514]  ? sysvec_apic_timer_interrupt+0x4e/0x90\n[16418.525518]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525523]  f2fs_write_cache_pages+0x303/0x880 [f2fs]\n[16418.525545]  ? blk_flush_plug_list+0x47/0x100\n[16418.525548]  f2fs_write_data_pages+0xfd/0x320 [f2fs]\n[16418.525569]  do_writepages+0xd5/0x210\n[16418.525648]  filemap_fdatawrite_wbc+0x7d/0xc0\n[16418.525655]  filemap_fdatawrite+0x50/0x70\n[16418.525658]  f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs]\n[16418.525679]  f2fs_write_checkpoint+0x16d/0x1720 [f2fs]\n[16418.525699]  ? ttwu_do_wakeup+0x1c/0x160\n[16418.525709]  ? ttwu_do_activate+0x6d/0xd0\n[16418.525711]  ? __wait_for_common+0x11d/0x150\n[16418.525715]  kill_f2fs_super+0xca/0x100 [f2fs]\n[16418.525733]  deactivate_locked_super+0x3b/0xb0\n[16418.525739]  deactivate_super+0x40/0x50\n[16418.525741]  cleanup_mnt+0x139/0x190\n[16418.525747]  __cleanup_mnt+0x12/0x20\n[16418.525749]  task_work_run+0x6d/0xa0\n[16418.525765]  exit_to_user_mode_prepare+0x1ad/0x1b0\n[16418.525771]  syscall_exit_to_user_mode+0x27/0x50\n[16418.525774]  do_syscall_64+0x48/0xc0\n[16418.525776]  entry_SYSCALL_64_after_hwframe+0x44/0xae",
  "id": "GHSA-45xf-wh8j-3x9p",
  "modified": "2025-03-14T00:30:51Z",
  "published": "2025-03-14T00:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49317"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7b8618aa2f0f926ce85f2486ac835a85c753ca7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd47ea5d776d8b524fb6f60de3240f95603901dd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4699-632X-4VXR

Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2024-04-04 03:06
VLAI
Details

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-24T20:15:00Z",
    "severity": "LOW"
  },
  "details": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
  "id": "GHSA-4699-632x-4vxr",
  "modified": "2024-04-04T03:06:56Z",
  "published": "2022-05-24T22:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12068"
    },
    {
      "type": "WEB",
      "url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
    },
    {
      "type": "WEB",
      "url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4191-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4191-2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4665"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46HJ-M8HR-C3H7

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-2789"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-22T05:34:00Z",
    "severity": "HIGH"
  },
  "details": "The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.",
  "id": "GHSA-46hj-m8hr-c3h7",
  "modified": "2022-05-13T01:03:51Z",
  "published": "2022-05-13T01:03:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2789"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-226-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.