CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-7425-C3X3-HHJQ
Vulnerability from github – Published: 2022-07-14 00:00 – Updated: 2022-07-28 00:00A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)
{
"affected": [],
"aliases": [
"CVE-2022-34760"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-13T21:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)",
"id": "GHSA-7425-c3x3-hhjq",
"modified": "2022-07-28T00:00:38Z",
"published": "2022-07-14T00:00:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34760"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-74CG-CW39-RJ4G
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
page_pool: avoid infinite loop to schedule delayed worker
We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1].
Since the inflight value goes negative, it means we should not expect the whole page_pool to get back to work normally.
This patch mitigates the adverse effect by not rescheduling the kworker when detecting the inflight negative in page_pool_release_retry().
[1] [Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------ [Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages ... [Mon Feb 10 20:36:11 2025] Call Trace: [Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70 [Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370 [Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0 [Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140 [Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370 [Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40 [Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40 [Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]--- Note: before this patch, the above calltrace would flood the dmesg due to repeated reschedule of release_dw kworker.
{
"affected": [],
"aliases": [
"CVE-2025-37859"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: avoid infinite loop to schedule delayed worker\n\nWe noticed the kworker in page_pool_release_retry() was waken\nup repeatedly and infinitely in production because of the\nbuggy driver causing the inflight less than 0 and warning\nus in page_pool_inflight()[1].\n\nSince the inflight value goes negative, it means we should\nnot expect the whole page_pool to get back to work normally.\n\nThis patch mitigates the adverse effect by not rescheduling\nthe kworker when detecting the inflight negative in\npage_pool_release_retry().\n\n[1]\n[Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------\n[Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages\n...\n[Mon Feb 10 20:36:11 2025] Call Trace:\n[Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70\n[Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370\n[Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0\n[Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140\n[Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370\n[Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40\n[Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40\n[Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]---\nNote: before this patch, the above calltrace would flood the\ndmesg due to repeated reschedule of release_dw kworker.",
"id": "GHSA-74cg-cw39-rj4g",
"modified": "2025-11-12T21:31:02Z",
"published": "2025-05-09T09:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37859"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43130d02baa137033c25297aaae95fd0edc41654"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7204335d1991c23fc615ab76f31f175748a578e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/738d1812ec2e395e953258aea912ddd867d11a13"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90e089a64504982f8d62f223027cb9f903781f78"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91522aba56e9fcdf64da25ffef9b27f8fad48e0f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95f17738b86fd198924d874a5639bcdc49c7e5b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f71db4fb82deb889e0bac4a51b34daea7d506a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e74e5aa33228c5e2cb4fc80ad103541a7b7805ec"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-74PV-V9GH-H25P
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2023-03-10 00:43RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rubygems-update"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jruby:jruby-stdlib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.1.16.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1000075"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-10T00:43:45Z",
"nvd_published_at": "2018-03-13T15:29:00Z",
"severity": "HIGH"
},
"details": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.",
"id": "GHSA-74pv-v9gh-h25p",
"modified": "2023-03-10T00:43:45Z",
"published": "2022-05-13T01:48:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000075"
},
{
"type": "WEB",
"url": "https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"
},
{
"type": "WEB",
"url": "https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183"
},
{
"type": "WEB",
"url": "https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4219"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3621-1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0663"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0591"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0542"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2028"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"type": "WEB",
"url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "RubyGems Infinite Loop vulnerability"
}
GHSA-74Q6-7F58-9G77
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2024-08-21 15:30An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other
{
"affected": [],
"aliases": [
"CVE-2021-22197"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-02T17:15:00Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other",
"id": "GHSA-74q6-7f58-9g77",
"modified": "2024-08-21T15:30:49Z",
"published": "2022-05-24T17:46:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22197"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22197.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/323198"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-74R2-QF2J-VM8R
Vulnerability from github – Published: 2022-05-17 01:01 – Updated: 2024-10-21 18:30Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values.
{
"affected": [],
"aliases": [
"CVE-2011-1142"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-03-03T01:00:00Z",
"severity": "MODERATE"
},
"details": "Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values.",
"id": "GHSA-74r2-qf2j-vm8r",
"modified": "2024-10-21T18:30:42Z",
"published": "2022-05-17T01:01:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1142"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14724"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:044"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025148"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0622"
},
{
"type": "WEB",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html"
},
{
"type": "WEB",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7553-JR98-VX47
Vulnerability from github – Published: 2020-02-24 19:12 – Updated: 2022-04-22 17:29xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7595"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2020-02-18T18:58:16Z",
"nvd_published_at": "2020-01-21T23:15:00Z",
"severity": "HIGH"
},
"details": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.\nThe Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.",
"id": "GHSA-7553-jr98-vx47",
"modified": "2022-04-22T17:29:45Z",
"published": "2020-02-24T19:12:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/issues/1992"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4274-1"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200702-0005"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation"
}
GHSA-75G5-8M23-8X6W
Vulnerability from github – Published: 2025-07-08 03:30 – Updated: 2025-07-08 03:30SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity.
{
"affected": [],
"aliases": [
"CVE-2025-42954"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T01:15:22Z",
"severity": "LOW"
},
"details": "SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity.",
"id": "GHSA-75g5-8m23-8x6w",
"modified": "2025-07-08T03:30:59Z",
"published": "2025-07-08T03:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-42954"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3608156"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-773G-X274-8QMF
Vulnerability from github – Published: 2023-06-07 16:05 – Updated: 2023-06-07 16:05SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service.
This issue can be triggered by any attacker capable of sending a compressed HTTP message. Most commonly this is HTTP servers, as compressed HTTP messages cannot be negotiated for HTTP requests, but it is possible that users have configured decompression for HTTP requests as well. The attack is low effort, and likely to be reached without requiring any privilege or system access. The impact on availability is high: the process immediately becomes unavailable but does not immediately crash, meaning that it is possible for the process to remain in this state until an administrator intervenes or an automated circuit breaker fires. If left unchecked this issue will very slowly exhaust memory resources due to repeated buffer allocation, but the buffers are not written to and so it is possible that the processes will not terminate for quite some time.
This risk can be mitigated by removing transparent HTTP message decompression. The issue is fixed by correctly detecting the termination of the compressed body as reported by zlib and refusing to decompress further data.
{
"affected": [
{
"package": {
"ecosystem": "SwiftURL",
"name": "github.com/apple/swift-nio-extras"
},
"ranges": [
{
"events": [
{
"introduced": "1.11.0"
},
{
"fixed": "1.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "SwiftURL",
"name": "github.com/apple/swift-nio-extras"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "SwiftURL",
"name": "github.com/apple/swift-nio-extras"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-3252"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-07T16:05:48Z",
"nvd_published_at": "2022-09-21T19:15:00Z",
"severity": "HIGH"
},
"details": "SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (`HTTPRequestDecompressor` and `HTTPResponseDecompressor`) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service.\n\nThis issue can be triggered by any attacker capable of sending a compressed HTTP message. Most commonly this is HTTP servers, as compressed HTTP messages cannot be negotiated for HTTP requests, but it is possible that users have configured decompression for HTTP requests as well. The attack is low effort, and likely to be reached without requiring any privilege or system access. The impact on availability is high: the process immediately becomes unavailable but does not immediately crash, meaning that it is possible for the process to remain in this state until an administrator intervenes or an automated circuit breaker fires. If left unchecked this issue will very slowly exhaust memory resources due to repeated buffer allocation, but the buffers are not written to and so it is possible that the processes will not terminate for quite some time.\n\nThis risk can be mitigated by removing transparent HTTP message decompression. The issue is fixed by correctly detecting the termination of the compressed body as reported by zlib and refusing to decompress further data.",
"id": "GHSA-773g-x274-8qmf",
"modified": "2023-06-07T16:05:48Z",
"published": "2023-06-07T16:05:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/apple/swift-nio-extras/security/advisories/GHSA-773g-x274-8qmf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3252"
},
{
"type": "WEB",
"url": "https://github.com/apple/swift-nio-extras/pull/177"
},
{
"type": "WEB",
"url": "https://github.com/apple/swift-nio-extras/pull/177/commits/359015de2c49e426c27b1d25dbf599b08a9d3ee6"
},
{
"type": "PACKAGE",
"url": "https://github.com/apple/swift-nio-extras"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression"
}
GHSA-7787-P7X6-FQ3J
Vulnerability from github – Published: 2023-12-08 15:23 – Updated: 2023-12-08 19:52Impact
The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record { * ; empty } and the canister interface expects record { * } then the rust candid decoder treats empty as an extra field required by the type. The problem with type empty is that the candid rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop.
Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister.
For asset canister users, dfx versions >= 0.14.4 to <= 0.15.2-beta.0 ships asset canister with an affected version of candid.
Unaffected
- Rust canisters using candid
< 0.9.0or>= 0.9.10 - Rust canister interfaces of type other than
record { * } - Motoko based canisters
- dfx (for asset canister)
<= 0.14.3or>= 0.15.2
Patches
The issue has been patched in 0.9.10. All rust based canisters on candid versions >= 0.9.0 must upgrade their candid versions to >= 0.9.10 and deploy their canisters to mainnet as soon as possible.
Workarounds
There is no workaround for canisters using the affected versions of candid other than upgrading to patched version.
References
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "candid"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.0"
},
{
"fixed": "0.9.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-6245"
],
"database_specific": {
"cwe_ids": [
"CWE-1288",
"CWE-400",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-08T15:23:22Z",
"nvd_published_at": "2023-12-08T15:15:08Z",
"severity": "HIGH"
},
"details": "### Impact\n\nThe Candid library causes a Denial of Service while parsing a specially crafted payload with `empty` data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the rust candid decoder treats `empty` as an extra field required by the type. The problem with type `empty` is that the candid rust library wrongly categorizes `empty` as a recoverable error when skipping the field and thus causing an infinite decoding loop. \n\nCanisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister.\n\nFor asset canister users, `dfx` versions `\u003e= 0.14.4` to `\u003c= 0.15.2-beta.0` ships asset canister with an affected version of candid.\n\n#### Unaffected \n- Rust canisters using candid `\u003c 0.9.0` or `\u003e= 0.9.10` \n- Rust canister interfaces of type other than `record { * }`\n- Motoko based canisters\n- dfx (for asset canister) `\u003c= 0.14.3` or `\u003e= 0.15.2`\n\n\n### Patches\n\nThe issue has been patched in `0.9.10`. All rust based canisters on candid versions `\u003e= 0.9.0` must upgrade their candid versions to `\u003e= 0.9.10` and deploy their canisters to mainnet as soon as possible. \n\n### Workarounds\n\nThere is no workaround for canisters using the affected versions of candid other than upgrading to patched version.\n\n### References\n- [dfinity/candid/pull/478](https://github.com/dfinity/candid/pull/478)\n- [Candid Library Reference](https://internetcomputer.org/docs/current/references/candid-ref)\n- [Candid Specification](https://github.com/dfinity/candid/blob/master/spec/Candid.md)\n- [Internet Computer Specification](https://internetcomputer.org/docs/current/references/ic-interface-spec)",
"id": "GHSA-7787-p7x6-fq3j",
"modified": "2023-12-08T19:52:40Z",
"published": "2023-12-08T15:23:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dfinity/candid/security/advisories/GHSA-7787-p7x6-fq3j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6245"
},
{
"type": "WEB",
"url": "https://github.com/dfinity/candid/pull/478"
},
{
"type": "WEB",
"url": "https://github.com/dfinity/candid/commit/b233dbc2d2bcc79c9fc574dd5968269df680b073"
},
{
"type": "PACKAGE",
"url": "https://github.com/dfinity/candid"
},
{
"type": "WEB",
"url": "https://github.com/dfinity/candid/blob/master/spec/Candid.md"
},
{
"type": "WEB",
"url": "https://internetcomputer.org/docs/current/references/candid-ref"
},
{
"type": "WEB",
"url": "https://internetcomputer.org/docs/current/references/ic-interface-spec"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0073.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Candid infinite decoding loop through specially crafted payload"
}
GHSA-77V7-59C5-2XXH
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-11-24 21:30In the Linux kernel, the following vulnerability has been resolved:
exfat: add cluster chain loop check for dir
An infinite loop may occur if the following conditions occur due to file system corruption.
(1) Condition for exfat_count_dir_entries() to loop infinitely. - The cluster chain includes a loop. - There is no UNUSED entry in the cluster chain.
(2) Condition for exfat_create_upcase_table() to loop infinitely. - The cluster chain of the root directory includes a loop. - There are no UNUSED entry and up-case table entry in the cluster chain of the root directory.
(3) Condition for exfat_load_bitmap() to loop infinitely. - The cluster chain of the root directory includes a loop. - There are no UNUSED entry and bitmap entry in the cluster chain of the root directory.
(4) Condition for exfat_find_dir_entry() to loop infinitely. - The cluster chain includes a loop. - The unused directory entries were exhausted by some operation.
(5) Condition for exfat_check_dir_empty() to loop infinitely. - The cluster chain includes a loop. - The unused directory entries were exhausted by some operation. - All files and sub-directories under the directory are deleted.
This commit adds checks to break the above infinite loop.
{
"affected": [],
"aliases": [
"CVE-2025-38692"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T16:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: add cluster chain loop check for dir\n\nAn infinite loop may occur if the following conditions occur due to\nfile system corruption.\n\n(1) Condition for exfat_count_dir_entries() to loop infinitely.\n - The cluster chain includes a loop.\n - There is no UNUSED entry in the cluster chain.\n\n(2) Condition for exfat_create_upcase_table() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and up-case table entry in the cluster\n chain of the root directory.\n\n(3) Condition for exfat_load_bitmap() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and bitmap entry in the cluster chain\n of the root directory.\n\n(4) Condition for exfat_find_dir_entry() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n\n(5) Condition for exfat_check_dir_empty() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n - All files and sub-directories under the directory are deleted.\n\nThis commit adds checks to break the above infinite loop.",
"id": "GHSA-77v7-59c5-2xxh",
"modified": "2025-11-24T21:30:56Z",
"published": "2025-09-05T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38692"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4c3cda20c4cf1871e27868d08fda06b79bc7d568"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/868f23286c1a13162330fa6c614fe350f78e3f82"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99f9a97dce39ad413c39b92c90393bbd6778f3fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa8fe7b7b73d4c9a41bb96cb3fb3092f794ecb33"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2066ca3ef49a30920d8536fa366b2a183a808ee"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.