CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-5RQG-JM4F-CQX7
Vulnerability from github – Published: 2022-01-10 17:29 – Updated: 2022-01-10 19:56colors is a library for including colored text in node.js consoles. Between 07 and 09 January 2022, colors versions 1.4.1, 1.4.2, and 1.4.44-liberty-2 were published including malicious code that caused a Denial of Service due to an infinite loop. Software dependent on these versions experienced the printing of randomized characters to console and an infinite loop resulting in unbound system resource consumption.
Users of colors relying on these specific versions should downgrade to version 1.4.0.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "colors"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.1"
},
{
"last_affected": "1.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "colors"
},
"versions": [
"1.4.44-liberty-2"
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-10T17:29:22Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "colors is a library for including colored text in node.js consoles. Between 07 and 09 January 2022, colors versions 1.4.1, 1.4.2, and 1.4.44-liberty-2 were published including malicious code that caused a Denial of Service due to an infinite loop. Software dependent on these versions experienced the printing of randomized characters to console and an infinite loop resulting in unbound system resource consumption.\n\nUsers of colors relying on these specific versions should downgrade to version 1.4.0.\n",
"id": "GHSA-5rqg-jm4f-cqx7",
"modified": "2022-01-10T19:56:36Z",
"published": "2022-01-10T17:29:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Marak/colors.js/commit/137c6dae3339e97f4bbc838c221803c363b0a9fd"
},
{
"type": "WEB",
"url": "https://github.com/Marak/colors.js/commit/5d2d242f656103ac38086d6b26433a09f1c38c75"
},
{
"type": "WEB",
"url": "https://github.com/Marak/colors.js/commit/6bc50e79eeaa1d87369bb3e7e608ebed18c5cf26"
},
{
"type": "PACKAGE",
"url": "https://github.com/Marak/colors.js"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Infinite loop causing Denial of Service in colors"
}
GHSA-5V62-8FQ6-CP9M
Vulnerability from github – Published: 2026-06-25 21:48 – Updated: 2026-06-25 21:48An infinite loop in the subimage-search operation can happen when using a crafted image.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48733"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-25T21:48:11Z",
"nvd_published_at": "2026-06-10T23:16:49Z",
"severity": "MODERATE"
},
"details": "An infinite loop in the subimage-search operation can happen when using a crafted image.",
"id": "GHSA-5v62-8fq6-cp9m",
"modified": "2026-06-25T21:48:11Z",
"published": "2026-06-25T21:48:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48733"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.14.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick has an Infinite Loop in subimage-search with crafted image"
}
GHSA-5V7R-6R5C-R473
Vulnerability from github – Published: 2026-03-10 23:57 – Updated: 2026-03-10 23:57Impact
A denial of service vulnerability exists in the ASF (WMV/WMA) file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser enters an infinite loop. The payload value becomes negative (-24), causing tokenizer.ignore(payload) to move the read position backwards, so the same sub-header is read repeatedly forever.
Any application that uses file-type to detect the type of untrusted/attacker-controlled input is affected. An attacker can stall the Node.js event loop with a 55-byte payload.
Patches
Fixed in version 21.3.1. Users should upgrade to >= 21.3.1.
Workarounds
Validate or limit the size of input buffers before passing them to file-type, or run file type detection in a worker thread with a timeout.
References
- Fix commit: 319abf871b50ba2fa221b4a7050059f1ae096f4f
Reporter
crnkovic@lokvica.com
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "file-type"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "21.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-31808"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-10T23:57:09Z",
"nvd_published_at": "2026-03-10T21:16:50Z",
"severity": "MODERATE"
},
"details": "### Impact\nA denial of service vulnerability exists in the ASF (WMV/WMA) file type detection parser. When parsing a crafted input where an ASF sub-header has a `size` field of zero, the parser enters an infinite loop. The `payload` value becomes negative (-24), causing `tokenizer.ignore(payload)` to move the read position backwards, so the same sub-header is read repeatedly forever.\n\nAny application that uses `file-type` to detect the type of untrusted/attacker-controlled input is affected. An attacker can stall the Node.js event loop with a 55-byte payload.\n\n### Patches\nFixed in version 21.3.1. Users should upgrade to \u003e= 21.3.1.\n\n### Workarounds\nValidate or limit the size of input buffers before passing them to `file-type`, or run file type detection in a worker thread with a timeout.\n\n### References\n- Fix commit: 319abf871b50ba2fa221b4a7050059f1ae096f4f\n\n### Reporter\n\ncrnkovic@lokvica.com",
"id": "GHSA-5v7r-6r5c-r473",
"modified": "2026-03-10T23:57:09Z",
"published": "2026-03-10T23:57:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31808"
},
{
"type": "WEB",
"url": "https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f"
},
{
"type": "PACKAGE",
"url": "https://github.com/sindresorhus/file-type"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header"
}
GHSA-5W5C-6HMQ-MGPR
Vulnerability from github – Published: 2024-01-02 06:30 – Updated: 2024-01-02 06:30Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.
{
"affected": [],
"aliases": [
"CVE-2023-43511"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-02T06:15:13Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.",
"id": "GHSA-5w5c-6hmq-mgpr",
"modified": "2024-01-02T06:30:31Z",
"published": "2024-01-02T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43511"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W87-WVP6-XG53
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
{
"affected": [],
"aliases": [
"CVE-2019-10898"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-09T04:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.",
"id": "GHSA-5w87-wvp6-xg53",
"modified": "2022-05-13T01:21:56Z",
"published": "2022-05-13T01:21:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10898"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15585"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f80b7d1b279fb6c13f640019a1bbc42b18bf7469"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2019-12.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107836"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X64-925V-H4GV
Vulnerability from github – Published: 2023-08-11 15:30 – Updated: 2023-08-18 15:48An issue was discovered in OFPQueueGetConfigReply in parser.py in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ryu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.34"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35141"
],
"database_specific": {
"cwe_ids": [
"CWE-770",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-11T22:03:46Z",
"nvd_published_at": "2023-08-11T14:15:11Z",
"severity": "HIGH"
},
"details": "An issue was discovered in `OFPQueueGetConfigReply` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).",
"id": "GHSA-5x64-925v-h4gv",
"modified": "2023-08-18T15:48:16Z",
"published": "2023-08-11T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35141"
},
{
"type": "WEB",
"url": "https://github.com/faucetsdn/ryu/issues/118"
},
{
"type": "PACKAGE",
"url": "https://github.com/faucetsdn/ryu"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "FaucetSDN Ryu Denial of Service Vulnerability"
}
GHSA-5XQP-7G33-7HX3
Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
{
"affected": [],
"aliases": [
"CVE-2018-19840"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-04T09:29:00Z",
"severity": "MODERATE"
},
"details": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
"id": "GHSA-5xqp-7g33-7hx3",
"modified": "2022-05-13T01:12:10Z",
"published": "2022-05-13T01:12:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19840"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/issues/53"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3839-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XQR-GRQ4-QWGX
Vulnerability from github – Published: 2018-10-17 00:04 – Updated: 2022-11-17 18:39Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.github.junrar:junrar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-12418"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:17:41Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.",
"id": "GHSA-5xqr-grq4-qwgx",
"modified": "2022-11-17T18:39:50Z",
"published": "2018-10-17T00:04:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12418"
},
{
"type": "WEB",
"url": "https://github.com/junrar/junrar/pull/8"
},
{
"type": "WEB",
"url": "https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5xqr-grq4-qwgx"
},
{
"type": "PACKAGE",
"url": "https://github.com/junrar/junrar"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Junrar vulnerable to Infinite Loop"
}
GHSA-636H-F5G9-P45X
Vulnerability from github – Published: 2022-05-01 07:38 – Updated: 2022-05-01 07:38The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
{
"affected": [],
"aliases": [
"CVE-2006-6499"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-12-20T01:28:00Z",
"severity": "MODERATE"
},
"details": "The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.",
"id": "GHSA-636h-f5g9-p45x",
"modified": "2022-05-01T07:38:40Z",
"published": "2022-05-01T07:38:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6499"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23282"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23420"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23422"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23545"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23589"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23591"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23614"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23672"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23692"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23988"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24078"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24390"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1017398"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1017405"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1017406"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1253"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1258"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1265"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/427972"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/21668"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-398-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-398-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-400-1"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/5068"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1124"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0083"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-63P4-W7WR-6HXG
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.
{
"affected": [],
"aliases": [
"CVE-2020-13986"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-11T22:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.",
"id": "GHSA-63p4-w7wr-6hxg",
"modified": "2022-05-24T17:35:59Z",
"published": "2022-05-24T17:35:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13986"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/815128"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.