CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-6J78-9283-GJ3W
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2024-09-12 18:31In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
{
"affected": [],
"aliases": [
"CVE-2018-5686"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-14T02:29:00Z",
"severity": "MODERATE"
},
"details": "In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.",
"id": "GHSA-6j78-9283-gj3w",
"modified": "2024-09-12T18:31:37Z",
"published": "2022-05-13T01:28:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5686"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698860"
},
{
"type": "WEB",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=b70eb93f6936c03d8af52040bbca4d4a7db39079"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-15"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4334"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6M6C-36F7-FHXH
Vulnerability from github – Published: 2026-05-11 19:36 – Updated: 2026-06-09 10:28Impact
Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates.
Example:
gantt
excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday
DoS :2025-01-01, 1d
mermaid.parse is unaffected, unless you then call the ganttDb.getTasks() (which is called when rendering a diagram).
Patches
This has been patched in:
- v11.15.0 (see faafb5d49106dd32c367f3882505f2dd625aa30e)
- v10.9.6 (see a59ea56174712ee5430dfd5bc877cb5151f501a6)
Workarounds
There are no workarounds available without updating to a newer version of mermaid.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.14.0"
},
"package": {
"ecosystem": "npm",
"name": "mermaid"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-alpha.1"
},
{
"fixed": "11.15.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.9.5"
},
"package": {
"ecosystem": "npm",
"name": "mermaid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.9.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41150"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T19:36:55Z",
"nvd_published_at": "2026-05-29T15:16:22Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nMermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the [`excludes` attribute](https://mermaid.js.org/syntax/gantt.html?#excludes) to exclude all dates.\n\nExample:\n\n```\ngantt\n excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday\n DoS :2025-01-01, 1d\n```\n\n`mermaid.parse` is unaffected, unless you then call the `ganttDb.getTasks()` (which is called when rendering a diagram).\n\n### Patches\n\nThis has been patched in:\n\n- [v11.15.0](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [faafb5d49106dd32c367f3882505f2dd625aa30e](https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e))\n- [v10.9.6](https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a59ea56174712ee5430dfd5bc877cb5151f501a6](https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6))\n\n### Workarounds\n\nThere are no workarounds available without updating to a newer version of mermaid.",
"id": "GHSA-6m6c-36f7-fhxh",
"modified": "2026-06-09T10:28:48Z",
"published": "2026-05-11T19:36:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41150"
},
{
"type": "WEB",
"url": "https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6"
},
{
"type": "WEB",
"url": "https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e"
},
{
"type": "PACKAGE",
"url": "https://github.com/mermaid-js/mermaid"
},
{
"type": "WEB",
"url": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0"
},
{
"type": "WEB",
"url": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS"
}
GHSA-6MCM-J9CJ-3VC3
Vulnerability from github – Published: 2021-11-03 17:30 – Updated: 2021-11-03 14:49In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.mina:mina-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.mina:mina-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41973"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-02T19:48:48Z",
"nvd_published_at": "2021-11-01T09:15:00Z",
"severity": "MODERATE"
},
"details": "In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.",
"id": "GHSA-6mcm-j9cj-3vc3",
"modified": "2021-11-03T14:49:19Z",
"published": "2021-11-03T17:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41973"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/11/01/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/11/01/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite loop in Apache MINA"
}
GHSA-6PCQ-Q2Q7-F4WW
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.
{
"affected": [],
"aliases": [
"CVE-2019-10897"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-09T04:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.",
"id": "GHSA-6pcq-q2q7-f4ww",
"modified": "2022-05-13T01:21:56Z",
"published": "2022-05-13T01:21:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10897"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15553"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=00d5e9e9fb377f52ab7696f25c1dbc011ef0244d"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2019-11.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107836"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6Q5Q-4C7R-7R4R
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2025-06-09 18:32The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
{
"affected": [],
"aliases": [
"CVE-2020-27618"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-26T23:15:00Z",
"severity": "MODERATE"
},
"details": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",
"id": "GHSA-6q5q-4c7r-7r4r",
"modified": "2025-06-09T18:32:01Z",
"published": "2022-05-24T17:43:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27618"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-07"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210401-0006"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6R93-M2CP-HHMF
Vulnerability from github – Published: 2022-05-21 00:01 – Updated: 2022-05-27 00:00A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2022-29028"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-20T13:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.",
"id": "GHSA-6r93-m2cp-hhmf",
"modified": "2022-05-27T00:00:53Z",
"published": "2022-05-21T00:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29028"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6V9C-7CG6-27Q7
Vulnerability from github – Published: 2026-04-29 22:12 – Updated: 2026-04-29 22:12Summary
A critical Denial of Service (DoS) vulnerability exists in marked@18.0.0. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline (\x09\x0b\n)—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocation, causing the host Node.js application to crash via Memory Exhaustion (OOM).
Details
The vulnerability originates in how marked's block tokenizer handles unexpected whitespace characters.
- Tab Character (
\x09) Consumption: Thespace()tokenizer matches standard whitespace using the regex/^(?:[ \t]*(?:\n|$))+/. When parsing the malicious payload (\x09\x0b\n), this rule successfully consumes the initial tab character (\x09). - Vertical Tab (
\x0b) Bypass: The remaining input is now\x0b\n. The newline block rule explicitly looks for spaces or standard tabs ([ \t]) followed by a newline. Because the vertical tab is a legacy ASCII character not accounted for in this rule, it fails to match. - Fallback to Text Tokenizer: None of the standard block tokenizers (blockquote, code, heading, etc.) match
\x0b\n. As a result, the parser falls through to thetexttokenizer (/^[^\n]+/), which matches any character except a newline. - Infinite Recursion: Inside
blockTokens(), thetexttokenizer creates a text token and subsequently callsinlineTokens()on the exact same content. InsideinlineTokens(), the text rule again matches\x0b\nand recursively callsinlineTokens(). This creates an inescapable cycle:blockTokens() → text token → inlineTokens() → text rule matches → inlineTokens() → ...
With each recursive call allocating new token objects and concatenating strings, memory grows indefinitely until the Node.js heap limit is reached.
Vulnerable Code in lib/marked.esm.js (Lexer class, blockTokens()):
// The text tokenizer triggers infinite recursion
if(r=this.tokenizer.text(e)) {
e=e.substring(r.raw.length);
let s=t.at(-1);
s?.type==="text"?(s.raw+=(s.raw.endsWith("\n")?"":"\n")+r.raw, s.text+="\n"+r.text, this.inlineQueue.pop(), this.inlineQueue.at(-1).src=s.text):t.push(r);
// ↑ This calls inlineTokens() internally via the text tokenizer, causing the OOM loop
continue;
}
PoC
This vulnerability can be reproduced using any standard Node.js environment with marked@18.0.0 installed.
- Create a file named
poc.jswith the following content:
const marked = require('marked');
// The vulnerable 3-byte pattern: tab + vertical tab + newline
const vulnerableInput = '\x09\x0b\n';
console.log('Attempting to parse malicious payload...');
try {
marked.parse(vulnerableInput);
} catch(e) {
console.log('Error:', e.message);
}
- Run the script:
node poc.js - Result: The process will hang briefly as memory spikes, ultimately crashing with:
FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory.
Impact
This is a High-Severity Denial of Service (DoS) vulnerability via Memory Exhaustion.
Impacted Parties: Any application, API, chatbot, or documentation system using marked@18.0.0 (and potentially earlier versions) to parse untrusted user input is vulnerable.
Because the payload requires zero authentication and only 3 bytes of data, it requires virtually no resources from the attacker to remotely crash the service and achieve a total loss of availability for the targeted application.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 18.0.1"
},
"package": {
"ecosystem": "npm",
"name": "marked"
},
"ranges": [
{
"events": [
{
"introduced": "18.0.0"
},
{
"fixed": "18.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41680"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-674",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-29T22:12:20Z",
"nvd_published_at": "2026-04-24T18:16:29Z",
"severity": "HIGH"
},
"details": "### Summary\nA critical Denial of Service (DoS) vulnerability exists in `marked@18.0.0`. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline (`\\x09\\x0b\\n`)\u2014an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocation, causing the host Node.js application to crash via Memory Exhaustion (OOM). \n\n### Details\nThe vulnerability originates in how `marked`\u0027s block tokenizer handles unexpected whitespace characters. \n\n1. **Tab Character (`\\x09`) Consumption**: The `space()` tokenizer matches standard whitespace using the regex `/^(?:[ \\t]*(?:\\n|$))+/`. When parsing the malicious payload (`\\x09\\x0b\\n`), this rule successfully consumes the initial tab character (`\\x09`).\n2. **Vertical Tab (`\\x0b`) Bypass**: The remaining input is now `\\x0b\\n`. The newline block rule explicitly looks for spaces or standard tabs (`[ \\t]`) followed by a newline. Because the vertical tab is a legacy ASCII character not accounted for in this rule, it fails to match.\n3. **Fallback to Text Tokenizer**: None of the standard block tokenizers (blockquote, code, heading, etc.) match `\\x0b\\n`. As a result, the parser falls through to the `text` tokenizer (`/^[^\\n]+/`), which matches any character except a newline.\n4. **Infinite Recursion**: Inside `blockTokens()`, the `text` tokenizer creates a text token and subsequently calls `inlineTokens()` on the exact same content. Inside `inlineTokens()`, the text rule again matches `\\x0b\\n` and recursively calls `inlineTokens()`. This creates an inescapable cycle: `blockTokens() \u2192 text token \u2192 inlineTokens() \u2192 text rule matches \u2192 inlineTokens() \u2192 ...`\n\nWith each recursive call allocating new token objects and concatenating strings, memory grows indefinitely until the Node.js heap limit is reached.\n\n**Vulnerable Code in `lib/marked.esm.js` (Lexer class, `blockTokens()`):**\n```javascript\n// The text tokenizer triggers infinite recursion\nif(r=this.tokenizer.text(e)) {\n e=e.substring(r.raw.length);\n let s=t.at(-1);\n s?.type===\"text\"?(s.raw+=(s.raw.endsWith(\"\\n\")?\"\":\"\\n\")+r.raw, s.text+=\"\\n\"+r.text, this.inlineQueue.pop(), this.inlineQueue.at(-1).src=s.text):t.push(r);\n // \u2191 This calls inlineTokens() internally via the text tokenizer, causing the OOM loop\n continue;\n}\n```\n\n### PoC\nThis vulnerability can be reproduced using any standard Node.js environment with `marked@18.0.0` installed.\n\n1. Create a file named `poc.js` with the following content:\n```javascript\nconst marked = require(\u0027marked\u0027);\n\n// The vulnerable 3-byte pattern: tab + vertical tab + newline\nconst vulnerableInput = \u0027\\x09\\x0b\\n\u0027;\n\nconsole.log(\u0027Attempting to parse malicious payload...\u0027);\ntry {\n marked.parse(vulnerableInput);\n} catch(e) {\n console.log(\u0027Error:\u0027, e.message);\n}\n```\n2. Run the script: `node poc.js`\n3. **Result:** The process will hang briefly as memory spikes, ultimately crashing with: `FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory`.\n\n### Impact\nThis is a High-Severity Denial of Service (DoS) vulnerability via Memory Exhaustion. \n\n**Impacted Parties:** Any application, API, chatbot, or documentation system using `marked@18.0.0` (and potentially earlier versions) to parse untrusted user input is vulnerable. \n\nBecause the payload requires zero authentication and only 3 bytes of data, it requires virtually no resources from the attacker to remotely crash the service and achieve a total loss of availability for the targeted application.",
"id": "GHSA-6v9c-7cg6-27q7",
"modified": "2026-04-29T22:12:20Z",
"published": "2026-04-29T22:12:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-6v9c-7cg6-27q7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41680"
},
{
"type": "PACKAGE",
"url": "https://github.com/markedjs/marked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer"
}
GHSA-6V9F-3XW7-VJJ9
Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-27 00:00A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine
{
"affected": [],
"aliases": [
"CVE-2022-28886"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-23T19:15:00Z",
"severity": "MODERATE"
},
"details": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine",
"id": "GHSA-6v9f-3xw7-vjj9",
"modified": "2022-09-27T00:00:14Z",
"published": "2022-09-25T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28886"
},
{
"type": "WEB",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"type": "WEB",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VWG-GM7P-4529
Vulnerability from github – Published: 2025-10-11 00:30 – Updated: 2025-10-11 00:30MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2025-11626"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-10T23:15:35Z",
"severity": "MODERATE"
},
"details": "MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service",
"id": "GHSA-6vwg-gm7p-4529",
"modified": "2025-10-11T00:30:17Z",
"published": "2025-10-11T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11626"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20724"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-04.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VX5-8RXP-JW26
Vulnerability from github – Published: 2022-12-07 21:30 – Updated: 2022-12-12 18:30qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).
{
"affected": [],
"aliases": [
"CVE-2022-46770"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-07T20:15:00Z",
"severity": "HIGH"
},
"details": "qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).",
"id": "GHSA-6vx5-8rxp-jw26",
"modified": "2022-12-12T18:30:29Z",
"published": "2022-12-07T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46770"
},
{
"type": "WEB",
"url": "https://github.com/mirage/qubes-mirage-firewall/issues/166"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/171610/Qubes-Mirage-Firewall-0.8.3-Denial-Of-Service.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.