CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-52M7-M85H-565P
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-04-20 03:41In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
{
"affected": [],
"aliases": [
"CVE-2017-11406"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-18T21:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.",
"id": "GHSA-52m7-m85h-565p",
"modified": "2025-04-20T03:41:02Z",
"published": "2022-05-13T01:42:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11406"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-36.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99903"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038966"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-52VR-V6FR-RFG8
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameChars).
{
"affected": [],
"aliases": [
"CVE-2021-36125"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-02T13:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user\u0027s current username is beyond an arbitrary maximum configuration value (MaxNameChars).",
"id": "GHSA-52vr-v6fr-rfg8",
"modified": "2022-05-24T19:06:53Z",
"published": "2022-05-24T19:06:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36125"
},
{
"type": "WEB",
"url": "https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T260865"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-52X6-GQ3R-VPF4
Vulnerability from github – Published: 2026-06-16 14:05 – Updated: 2026-06-16 14:05Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode.
Patches
This has been fixed in pypdf==6.13.0.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3830.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pypdf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54530"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-16T14:05:40Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode.\n\n### Patches\n\nThis has been fixed in [pypdf==6.13.0](https://github.com/py-pdf/pypdf/releases/tag/6.13.0).\n\n### Workarounds\n\nIf you cannot upgrade yet, consider applying the changes from PR [#3830](https://github.com/py-pdf/pypdf/pull/3830).",
"id": "GHSA-52x6-gq3r-vpf4",
"modified": "2026-06-16T14:05:41Z",
"published": "2026-06-16T14:05:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-52x6-gq3r-vpf4"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/pull/3830"
},
{
"type": "PACKAGE",
"url": "https://github.com/py-pdf/pypdf"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.13.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction"
}
GHSA-53JF-V56H-XGQG
Vulnerability from github – Published: 2026-04-01 09:31 – Updated: 2026-04-24 15:32In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix differential encoding verification
Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates.
Unfortunately the differential encode verification had two bugs.
-
it conflated states that had gone through check and already been marked, with states that were currently being checked and marked. This means that loops in the current chain being verified are treated as a chain that has already been verified.
-
the order bailout on already checked states compared current chain check iterators j,k instead of using the outer loop iterator i. Meaning a step backwards in states in the current chain verification was being mistaken for moving to an already verified state.
Move to a double mark scheme where already verified states get a different mark, than the current chain being kept. This enables us to also drop the backwards verification check that was the cause of the second error as any already verified state is already marked.
{
"affected": [],
"aliases": [
"CVE-2026-23409"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-01T09:16:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix differential encoding verification\n\nDifferential encoding allows loops to be created if it is abused. To\nprevent this the unpack should verify that a diff-encode chain\nterminates.\n\nUnfortunately the differential encode verification had two bugs.\n\n1. it conflated states that had gone through check and already been\n marked, with states that were currently being checked and marked.\n This means that loops in the current chain being verified are treated\n as a chain that has already been verified.\n\n2. the order bailout on already checked states compared current chain\n check iterators j,k instead of using the outer loop iterator i.\n Meaning a step backwards in states in the current chain verification\n was being mistaken for moving to an already verified state.\n\nMove to a double mark scheme where already verified states get a\ndifferent mark, than the current chain being kept. This enables us\nto also drop the backwards verification check that was the cause of\nthe second error as any already verified state is already marked.",
"id": "GHSA-53jf-v56h-xgqg",
"modified": "2026-04-24T15:32:20Z",
"published": "2026-04-01T09:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23409"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fab44285445e9012674396d5c1236a67da518e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1439150cd3c411228b387ab5efca92199d2a659a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ff4857fac56ac5a90ee63b24db05fa5e91a45aa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/34fc60b125ed1d4eb002c76b0664bf0619492167"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39440b137546a3aa383cfdabc605fb73811b6093"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/623a9d211bbbb031bb1cbdb38b23487648167f8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f90e3ecd9e1ed69f1a370f866ceed1f104f3ab4a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff7c73744fafe944ed9a7b2b7cf6c8d5557a3d84"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-53X6-4X5P-RRVV
Vulnerability from github – Published: 2019-10-11 18:41 – Updated: 2021-06-15 17:21The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.commons:commons-compress"
},
"ranges": [
{
"events": [
{
"introduced": "1.15"
},
{
"fixed": "1.19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.github.1tchy.java9modular.org.apache.commons:commons-compress"
},
"versions": [
"1.18.1"
]
}
],
"aliases": [
"CVE-2019-12402"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2019-09-30T09:39:36Z",
"nvd_published_at": "2019-08-30T09:15:00Z",
"severity": "HIGH"
},
"details": "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.",
"id": "GHSA-53x6-4x5p-rrvv",
"modified": "2021-06-15T17:21:48Z",
"published": "2019-10-11T18:41:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12402"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230818-0001"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53@%3Cdev.brooklyn.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea@%3Ccommits.creadur.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b@%3Cdev.commons.apache.org%3E"
},
{
"type": "WEB",
"url": "https://github.com/jensdietrich/xshady-release/tree/main/CVE-2019-12402"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of Service in Apache Commons Compress"
}
GHSA-543H-QFCX-5XWW
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2026-42781"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T16:16:48Z",
"severity": "HIGH"
},
"details": "When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-543h-qfcx-5xww",
"modified": "2026-05-13T18:30:56Z",
"published": "2026-05-13T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42781"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000160862"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5446-JRWR-X7C6
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2024-04-04 02:31ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
{
"affected": [],
"aliases": [
"CVE-2019-18217"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-21T04:15:00Z",
"severity": "HIGH"
},
"details": "ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.",
"id": "GHSA-5446-jrwr-x7c6",
"modified": "2024-04-04T02:31:59Z",
"published": "2022-05-24T16:59:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18217"
},
{
"type": "WEB",
"url": "https://github.com/proftpd/proftpd/issues/846"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
},
{
"type": "WEB",
"url": "https://github.com/proftpd/proftpd/blob/1.3.6/NEWS"
},
{
"type": "WEB",
"url": "https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES"
},
{
"type": "WEB",
"url": "https://github.com/proftpd/proftpd/blob/master/NEWS"
},
{
"type": "WEB",
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00036.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJDQRVZTILBX4BUCTIRKP2WBHDHDCJR5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RB2FPAWDWXT5ALAFIC5Y3RSEMXSFL6H2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLRPYEEMQJVAXO2SXRGOQ4HBFEEPCNXG"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Nov/7"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4559"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-556G-C348-R956
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.
{
"affected": [],
"aliases": [
"CVE-2018-7325"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T22:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.",
"id": "GHSA-556g-c348-r956",
"modified": "2022-05-13T01:53:19Z",
"published": "2022-05-13T01:53:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7325"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14414"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7be234d06ea39ab6a88115ae41d71060f1f15e3c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-55W2-FCW3-JR3F
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 18:30Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
{
"affected": [],
"aliases": [
"CVE-2022-33238"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "HIGH"
},
"details": "Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"id": "GHSA-55w2-fcw3-jr3f",
"modified": "2022-12-15T18:30:19Z",
"published": "2022-12-13T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33238"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-55W5-H92F-5HWQ
Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 09:30OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2026-6520"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T07:16:39Z",
"severity": "MODERATE"
},
"details": "OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
"id": "GHSA-55w5-h92f-5hwq",
"modified": "2026-04-30T09:30:24Z",
"published": "2026-04-30T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6520"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21181"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-40.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.