CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-8M8H-XWP6-PGJF
Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-18 18:32eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.
{
"affected": [],
"aliases": [
"CVE-2025-63829"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T17:16:12Z",
"severity": "MODERATE"
},
"details": "eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.",
"id": "GHSA-8m8h-xwp6-pgjf",
"modified": "2025-11-18T18:32:54Z",
"published": "2025-11-18T18:32:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63829"
},
{
"type": "WEB",
"url": "https://gist.github.com/lkloliver/b00377bec754d4aa1dc731be210d5889"
},
{
"type": "WEB",
"url": "https://github.com/eProsima/Fast-DDS/blob/master/src/cpp/fastdds/core/Time_t.cpp#L67"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8M9G-647G-5PXW
Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2021-05-07 16:04An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/Yubico/yubihsm-connector"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28484"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-07T16:04:45Z",
"nvd_published_at": "2021-04-14T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.",
"id": "GHSA-8m9g-647g-5pxw",
"modified": "2021-05-07T16:04:45Z",
"published": "2022-02-15T01:57:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28484"
},
{
"type": "WEB",
"url": "https://github.com/Yubico/yubihsm-connector/commit/82bdf202c53460bac9106cc9b4b34a0a16cae0ed"
},
{
"type": "WEB",
"url": "https://github.com/Yubico/yubihsm-connector/releases"
},
{
"type": "WEB",
"url": "https://www.yubico.com/support/security-advisories/ysa-2021-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R",
"type": "CVSS_V3"
}
],
"summary": "Infinite loop in Yubico yubihsm-connector"
}
GHSA-8MMP-C685-53VW
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-08-05 00:00encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
{
"affected": [],
"aliases": [
"CVE-2021-27918"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-11T00:15:00Z",
"severity": "HIGH"
},
"details": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"id": "GHSA-8mmp-c685-53vw",
"modified": "2022-08-05T00:00:28Z",
"published": "2022-05-24T17:44:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MVJ-3J78-4QMW
Vulnerability from github – Published: 2025-08-26 16:19 – Updated: 2025-09-10 21:07Impact
User control of the first argument of the addImage method results in CPU utilization and denial of service.
If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service.
Other affected methods are: html.
Example payload:
import { jsPDF } from "jspdf"
const payload = new Uint8Array([117, 171, 90, 253, 166, 154, 105, 166, 154])
const doc = new jsPDF();
const startTime = performance.now();
try {
doc.addImage(payload, "PNG", 10, 40, 180, 180, undefined, "SLOW");
} finally {
const endTime = performance.now();
console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`);
}
Patches
The vulnerability was fixed in jsPDF 3.0.2. Upgrade to jspdf@>=3.0.2.
In jspdf@>=3.0.2, invalid PNG files throw an Error instead of causing very long running loops.
Workarounds
Sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
Credits
Researcher: Aleksey Solovev (Positive Technologies)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.1"
},
"package": {
"ecosystem": "npm",
"name": "jspdf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-57810"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-26T16:19:04Z",
"nvd_published_at": "2025-08-26T16:15:37Z",
"severity": "HIGH"
},
"details": "### Impact\nUser control of the first argument of the addImage method results in CPU utilization and denial of service.\n\nIf given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service.\n\nOther affected methods are: `html`.\n\nExample payload:\n\n```js\nimport { jsPDF } from \"jspdf\" \n\nconst payload = new Uint8Array([117, 171, 90, 253, 166, 154, 105, 166, 154])\n\nconst doc = new jsPDF();\nconst startTime = performance.now();\ntry {\n doc.addImage(payload, \"PNG\", 10, 40, 180, 180, undefined, \"SLOW\");\n} finally {\n const endTime = performance.now();\n console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`);\n}\n```\n\n### Patches\nThe vulnerability was fixed in jsPDF 3.0.2. Upgrade to jspdf@\u003e=3.0.2.\n\nIn jspdf@\u003e=3.0.2, invalid PNG files throw an Error instead of causing very long running loops.\n\n### Workarounds\nSanitize image data or URLs before passing it to the addImage method or one of the other affected methods.\n\n### Credits\nResearcher: Aleksey Solovev (Positive Technologies)",
"id": "GHSA-8mvj-3j78-4qmw",
"modified": "2025-09-10T21:07:04Z",
"published": "2025-08-26T16:19:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810"
},
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/pull/3880"
},
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
},
{
"type": "PACKAGE",
"url": "https://github.com/parallax/jsPDF"
},
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "jsPDF Denial of Service (DoS)"
}
GHSA-8PP8-7WVW-F67F
Vulnerability from github – Published: 2022-05-13 01:51 – Updated: 2022-05-13 01:51libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.
{
"affected": [],
"aliases": [
"CVE-2018-20348"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-22T00:29:00Z",
"severity": "MODERATE"
},
"details": "libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.",
"id": "GHSA-8pp8-7wvw-f67f",
"modified": "2022-05-13T01:51:00Z",
"published": "2022-05-13T01:51:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20348"
},
{
"type": "WEB",
"url": "https://github.com/libyal/libpff/issues/48"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8PW9-7GV3-535C
Vulnerability from github – Published: 2025-01-21 15:31 – Updated: 2026-05-12 15:30In the Linux kernel, the following vulnerability has been resolved:
exfat: fix the infinite loop in exfat_readdir()
If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented, causing condition 'dentry < max_dentries' unable to prevent an infinite loop.
This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs().
This commit stops traversing the cluster chain when there is unused directory entry in the cluster to avoid this infinite loop.
{
"affected": [],
"aliases": [
"CVE-2024-57940"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T13:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix the infinite loop in exfat_readdir()\n\nIf the file system is corrupted so that a cluster is linked to\nitself in the cluster chain, and there is an unused directory\nentry in the cluster, \u0027dentry\u0027 will not be incremented, causing\ncondition \u0027dentry \u003c max_dentries\u0027 unable to prevent an infinite\nloop.\n\nThis infinite loop causes s_lock not to be released, and other\ntasks will hang, such as exfat_sync_fs().\n\nThis commit stops traversing the cluster chain when there is unused\ndirectory entry in the cluster to avoid this infinite loop.",
"id": "GHSA-8pw9-7gv3-535c",
"modified": "2026-05-12T15:30:44Z",
"published": "2025-01-21T15:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57940"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-503939.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28c21f0ac5293a4bf19b3e0e32005d6dd31a6c17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31beabd0f47f8c3ed9965ba861c9e5b252d4920a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8cfbb8723bd3d3222f360227a1cc15227189ca6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d9ea94f5cd117d56e573696d0045ab3044185a15"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc1d7afceb982e8f666e70a582e6b5aa806de063"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fee873761bd978d077d8c55334b4966ac4cb7b59"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8Q6Q-3849-7CM3
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
{
"affected": [],
"aliases": [
"CVE-2017-6014"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-17T07:59:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.",
"id": "GHSA-8q6q-3849-7cm3",
"modified": "2022-05-13T01:46:24Z",
"published": "2022-05-13T01:46:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6014"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201706-12"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3811"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96284"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8QPF-FV36-H4R8
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-11-02 00:42A Cron expression form validation could enter infinite loop, potentially resulting in denial of service. The form validation for cron expressions (e.g. "Poll SCM", "Build periodically") could enter infinite loops when cron expressions only matching certain rare dates were entered, blocking request handling threads indefinitely.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.138"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1999044"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-02T00:42:37Z",
"nvd_published_at": "2018-08-23T18:29:00Z",
"severity": "MODERATE"
},
"details": "A Cron expression form validation could enter infinite loop, potentially resulting in denial of service. The form validation for cron expressions (e.g. \"Poll SCM\", \"Build periodically\") could enter infinite loops when cron expressions only matching certain rare dates were entered, blocking request handling threads indefinitely.\n",
"id": "GHSA-8qpf-fv36-h4r8",
"modified": "2022-11-02T00:42:37Z",
"published": "2022-05-13T01:50:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999044"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/e5046911c57e60a1d6d8aca9b21bd9093b0f3763"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-790"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite Loop in Jenkins Core"
}
GHSA-8QVV-3Q23-2876
Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2025-04-20 03:44There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-13728"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-29T06:29:00Z",
"severity": "HIGH"
},
"details": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.",
"id": "GHSA-8qvv-3q23-2876",
"modified": "2025-04-20T03:44:00Z",
"published": "2022-05-13T01:09:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484274"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201804-13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8R3F-844C-MC37
Vulnerability from github – Published: 2024-03-06 00:31 – Updated: 2024-11-07 19:19The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "google.golang.org/protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.33.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "google.golang.org/protobuf/encoding/protojson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.33.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "google.golang.org/protobuf/internal/encoding/json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.33.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-24786"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-13T21:01:28Z",
"nvd_published_at": "2024-03-05T23:15:07Z",
"severity": "MODERATE"
},
"details": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
"id": "GHSA-8r3f-844c-mc37",
"modified": "2024-11-07T19:19:40Z",
"published": "2024-03-06T00:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
},
{
"type": "WEB",
"url": "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023"
},
{
"type": "PACKAGE",
"url": "https://github.com/protocolbuffers/protobuf-go"
},
{
"type": "WEB",
"url": "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0"
},
{
"type": "WEB",
"url": "https://go.dev/cl/569356"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240517-0002"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.