CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-5MF7-26MW-3RQR
Vulnerability from github – Published: 2018-10-17 15:50 – Updated: 2021-09-01 22:17A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tika:tika-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1338"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:16:41Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika\u0027s BPGParser in versions of Apache Tika before 1.18.",
"id": "GHSA-5mf7-26mw-3rqr",
"modified": "2021-09-01T22:17:57Z",
"published": "2018-10-17T15:50:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1338"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5mf7-26mw-3rqr"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Moderate severity vulnerability that affects org.apache.tika:tika-core"
}
GHSA-5MWH-VG7P-2624
Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 15:30SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2026-6531"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T07:16:40Z",
"severity": "MODERATE"
},
"details": "SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
"id": "GHSA-5mwh-vg7p-2624",
"modified": "2026-04-30T15:30:39Z",
"published": "2026-04-30T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6531"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/21139"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21139"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-30.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5P2G-FCMC-QVQQ
Vulnerability from github – Published: 2026-06-10 15:31 – Updated: 2026-06-10 15:31image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.
{
"affected": [],
"aliases": [
"CVE-2025-71329"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T14:16:30Z",
"severity": "HIGH"
},
"details": "image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.",
"id": "GHSA-5p2g-fcmc-qvqq",
"modified": "2026-06-10T15:31:30Z",
"published": "2026-06-10T15:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71329"
},
{
"type": "WEB",
"url": "https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5Q2V-6J86-5H9V
Vulnerability from github – Published: 2022-06-17 21:44 – Updated: 2022-09-01 19:00A vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully crafted message sent during secure channel creation.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.4.368.53"
},
"package": {
"ecosystem": "NuGet",
"name": "OPCFoundation.NetStandard.Opc.Ua.Core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.368.58"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29862"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-17T21:44:01Z",
"nvd_published_at": "2022-06-16T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully crafted message sent during secure channel creation.",
"id": "GHSA-5q2v-6j86-5h9v",
"modified": "2022-09-01T19:00:53Z",
"published": "2022-06-17T21:44:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-5q2v-6j86-5h9v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29862"
},
{
"type": "WEB",
"url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29862.pdf"
},
{
"type": "PACKAGE",
"url": "https://github.com/OPCFoundation/UA-.NETStandard"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Security Update for the OPC UA .NET Standard Stack"
}
GHSA-5QCG-W2CC-XFFW
Vulnerability from github – Published: 2020-01-21 20:32 – Updated: 2024-11-18 22:16The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "validators"
},
"ranges": [
{
"events": [
{
"introduced": "0.12.2"
},
{
"fixed": "0.12.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-19588"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2020-01-21T20:31:40Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.",
"id": "GHSA-5qcg-w2cc-xffw",
"modified": "2024-11-18T22:16:34Z",
"published": "2020-01-21T20:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19588"
},
{
"type": "WEB",
"url": "https://github.com/kvesteri/validators/issues/86"
},
{
"type": "WEB",
"url": "https://github.com/python-validators/validators/issues/86"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5qcg-w2cc-xffw"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/validators/PYSEC-2019-134.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/python-validators/validators"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Uncontrolled resource consumption in validators Python package"
}
GHSA-5QJ3-2MWP-VP67
Vulnerability from github – Published: 2023-01-20 09:30 – Updated: 2023-02-06 18:30A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2023-20020"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-20T07:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition.",
"id": "GHSA-5qj3-2mwp-vp67",
"modified": "2023-02-06T18:30:31Z",
"published": "2023-01-20T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20020"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5QM5-4FJV-GHCW
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-08-06 00:00A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2021-1252"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-08T05:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.",
"id": "GHSA-5qm5-4fjv-ghcw",
"modified": "2022-08-06T00:00:41Z",
"published": "2022-05-24T17:46:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1252"
},
{
"type": "WEB",
"url": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5QWM-7PVP-W988
Vulnerability from github – Published: 2026-05-19 19:50 – Updated: 2026-05-19 19:50Summary
The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry (OpenMcdf/DirectoryTree.cs:35-46) walks directory entries by repeatedly calling directories.TryGetSibling(child, siblingType, validateColor). A crafted CFB file with cyclic Left/Right sibling links among directory entries - constructed so the per-step BST-order check in TryGetSibling (DirectoryEntries.cs:84-85) is satisfied at every step - drives this while (child is not null) loop forever. There is no cycle detection in TryGetDirectoryEntry.
Details
The recent Brent's-algorithm commit (24f445a) protects DirectoryTreeEnumerator and works correctly for both attached repros - pure EnumerateEntries() throws FileFormatException: Directory tree contains a loop cleanly. The unprotected code path is the lookup-by-name loop, which is reached from multiple public APIs:
- RootStorage.OpenStorage(name) / TryOpenStorage(name)
- RootStorage.OpenStream(name) / TryOpenStream(name)
The second one matters most: typical consumers iterate EnumerateEntries() and call OpenStream(entry.Name) per Stream entry. With Brent's algorithm catching the enumeration cycle but not the per-entry lookup, callers can still hang as soon as they touch a streamed entry.
PoC
Two minimal repros attached, demonstrating the same lookup-loop bug reached via two different public APIs:
repro_lookup.cfb(5,632 bytes) - hangs on directOpenStorage(name)for a name not present in the directoryrepro_enumerate.cfb(7,936 bytes) - hangs onOpenStream(entry.Name)called for an entry returned byEnumerateEntries()(the common consumer pattern)
Repro 1 - OpenStorage(name)
using OpenMcdf;
using var fs = File.OpenRead("repro_lookup.cfb");
using var root = RootStorage.Open(fs);
root.TryOpenStorage("__substg1.0_3001001F", out _);
// process spins at 100% CPU; Ctrl+C required.
Repro 2 - OpenStream from inside an enumeration loop
using OpenMcdf;
using var fs = File.OpenRead("repro_enumerate.cfb");
using var root = RootStorage.Open(fs);
foreach (var entry in root.EnumerateEntries()) // safe: Brent's catches enumeration cycles
{
if (entry.Type == EntryType.Stream)
_ = root.OpenStream(entry.Name); // hangs: lookup path has no cycle detection
}
Both processes will not terminate.
(Note: pure foreach (var entry in root.EnumerateEntries()) { } with no per-entry lookup is safe - Brent's algorithm in DirectoryTreeEnumerator catches the enumeration cycle and throws FileFormatException: Directory tree contains a loop. The hang only manifests once a name lookup is performed.)
Impact
A denial of service affecting any application that opens untrusted CFB files with OpenMcdf. A small crafted input with a cyclic directory tree reaches the unprotected BST name-lookup in DirectoryTree.TryGetDirectoryEntry, hit by any caller of OpenStorage / TryOpenStorage / OpenStream / TryOpenStream - including the very common pattern of iterating EnumerateEntries() and calling OpenStream(entry.Name) per Stream entry. The cycles bypass the per-step BST-order check in TryGetSibling, so no exception is thrown and try/catch cannot protect callers. The affected thread is unrecoverable without killing the process. Downstream CFB consumers (e.g. .msg-file parsers) inherit transitively.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.1.3"
},
"package": {
"ecosystem": "NuGet",
"name": "OpenMcdf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45785"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-19T19:50:57Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nThe BST name-lookup loop in `DirectoryTree.TryGetDirectoryEntry` (`OpenMcdf/DirectoryTree.cs:35-46`) walks directory entries by repeatedly calling `directories.TryGetSibling(child, siblingType, validateColor)`. A crafted CFB file with cyclic Left/Right sibling links among directory entries - constructed so the per-step BST-order check in `TryGetSibling` (`DirectoryEntries.cs:84-85`) is satisfied at every step - drives this `while (child is not null)` loop forever. There is no cycle detection in `TryGetDirectoryEntry`.\n\n### Details\nThe recent Brent\u0027s-algorithm commit ([`24f445a`](https://github.com/openmcdf/openmcdf/commit/24f445a557fc4f46461cf6d02d296cce16c293a0)) protects `DirectoryTreeEnumerator` and works correctly for both attached repros - pure `EnumerateEntries()` throws `FileFormatException: Directory tree contains a loop` cleanly. The unprotected code path is the lookup-by-name loop, which is reached from multiple public APIs:\n- `RootStorage.OpenStorage(name)` / `TryOpenStorage(name)`\n- `RootStorage.OpenStream(name)` / `TryOpenStream(name)`\n\nThe second one matters most: typical consumers iterate `EnumerateEntries()` and call `OpenStream(entry.Name)` per Stream entry. With Brent\u0027s algorithm catching the enumeration cycle but not the per-entry lookup, callers can still hang as soon as they touch a streamed entry.\n\n### PoC\nTwo minimal repros attached, demonstrating the same lookup-loop bug reached via two different public APIs:\n\n- `repro_lookup.cfb` (5,632 bytes) - hangs on direct `OpenStorage(name)` for a name not present in the directory\n- `repro_enumerate.cfb` (7,936 bytes) - hangs on `OpenStream(entry.Name)` called for an entry returned by `EnumerateEntries()` (the common consumer pattern)\n\n### Repro 1 - `OpenStorage(name)`\n\n```csharp\nusing OpenMcdf;\n\nusing var fs = File.OpenRead(\"repro_lookup.cfb\");\nusing var root = RootStorage.Open(fs);\nroot.TryOpenStorage(\"__substg1.0_3001001F\", out _);\n// process spins at 100% CPU; Ctrl+C required.\n```\n\n### Repro 2 - `OpenStream` from inside an enumeration loop\n\n```csharp\nusing OpenMcdf;\n\nusing var fs = File.OpenRead(\"repro_enumerate.cfb\");\nusing var root = RootStorage.Open(fs);\nforeach (var entry in root.EnumerateEntries()) // safe: Brent\u0027s catches enumeration cycles\n{\n if (entry.Type == EntryType.Stream)\n _ = root.OpenStream(entry.Name); // hangs: lookup path has no cycle detection\n}\n```\n\nBoth processes will not terminate.\n\n(Note: pure `foreach (var entry in root.EnumerateEntries()) { }` with no per-entry lookup is **safe** - Brent\u0027s algorithm in `DirectoryTreeEnumerator` catches the enumeration cycle and throws `FileFormatException: Directory tree contains a loop`. The hang only manifests once a name lookup is performed.)\n\n[repros.zip](https://github.com/user-attachments/files/27084338/repros.zip)\n\n### Impact\nA denial of service affecting any application that opens untrusted CFB files with OpenMcdf. A small crafted input with a cyclic directory tree reaches the unprotected BST name-lookup in `DirectoryTree.TryGetDirectoryEntry`, hit by any caller of `OpenStorage` / `TryOpenStorage` / `OpenStream` / `TryOpenStream` - including the very common pattern of iterating `EnumerateEntries()` and calling `OpenStream(entry.Name)` per Stream entry. The cycles bypass the per-step BST-order check in `TryGetSibling`, so no exception is thrown and `try/catch` cannot protect callers. The affected thread is unrecoverable without killing the process. Downstream CFB consumers (e.g. `.msg`-file parsers) inherit transitively.",
"id": "GHSA-5qwm-7pvp-w988",
"modified": "2026-05-19T19:50:57Z",
"published": "2026-05-19T19:50:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openmcdf/openmcdf/security/advisories/GHSA-5qwm-7pvp-w988"
},
{
"type": "PACKAGE",
"url": "https://github.com/openmcdf/openmcdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle"
}
GHSA-5RCV-M4M3-HFH7
Vulnerability from github – Published: 2021-05-18 18:34 – Updated: 2024-05-20 19:24Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
Specific Go Packages Affected
golang.org/x/text/encoding/unicode golang.org/x/text/transform
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/text"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-14040"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-12T14:54:58Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.\n\n### Specific Go Packages Affected\ngolang.org/x/text/encoding/unicode\ngolang.org/x/text/transform",
"id": "GHSA-5rcv-m4m3-hfh7",
"modified": "2024-05-20T19:24:15Z",
"published": "2021-05-18T18:34:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
},
{
"type": "WEB",
"url": "https://github.com/golang/go/issues/39491"
},
{
"type": "WEB",
"url": "https://github.com/golang/text/commit/23ae387dee1f90d29a23c0e87ee0b46038fbed0e"
},
{
"type": "WEB",
"url": "https://go-review.googlesource.com/c/text/+/238238"
},
{
"type": "WEB",
"url": "https://go.dev/cl/238238"
},
{
"type": "WEB",
"url": "https://go.dev/issue/39491"
},
{
"type": "WEB",
"url": "https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"type": "CVSS_V3"
}
],
"summary": "golang.org/x/text Infinite loop"
}
GHSA-5RFV-6FF9-RM8Q
Vulnerability from github – Published: 2025-11-26 03:30 – Updated: 2025-12-03 18:30Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop.
{
"affected": [],
"aliases": [
"CVE-2025-66252"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-26T01:16:08Z",
"severity": "HIGH"
},
"details": "Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop.",
"id": "GHSA-5rfv-6ff9-rm8q",
"modified": "2025-12-03T18:30:21Z",
"published": "2025-11-26T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66252"
},
{
"type": "WEB",
"url": "https://www.abdulmhsblog.com/posts/webfmvulns"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.