Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-H2GC-758G-276M

Vulnerability from github – Published: 2026-04-21 00:32 – Updated: 2026-04-21 00:32
VLAI
Details

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-41285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T00:16:29Z",
    "severity": "MODERATE"
  },
  "details": "In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an \"nd_opt_len * 8 - 2\" expression with no preceding check for whether nd_opt_len is zero.",
  "id": "GHSA-h2gc-758g-276m",
  "modified": "2026-04-21T00:32:14Z",
  "published": "2026-04-21T00:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41285"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbsd/src/commit/086c5738bcd3c203bcc08d024fcf983cb409115f"
    },
    {
      "type": "WEB",
      "url": "https://www.openbsd.org/errata78.html"
    },
    {
      "type": "WEB",
      "url": "https://www.rfc-editor.org/rfc/rfc4861#section-4.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H436-432X-8FVX

Vulnerability from github – Published: 2019-03-14 15:41 – Updated: 2024-02-27 18:28
VLAI
Summary
Apache Commons Compress vulnerable to denial of service due to infinite loop
Details

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.commons:commons-compress"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11"
            },
            {
              "fixed": "1.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay:com.liferay.portal.tools.bundle.support"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.7"
            },
            {
              "fixed": "3.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.takari:commons-compress"
      },
      "versions": [
        "1.12"
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:38:39Z",
    "nvd_published_at": "2018-03-16T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress\u0027 extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress\u0027 zip package.",
  "id": "GHSA-h436-432x-8fvx",
  "modified": "2024-02-27T18:28:56Z",
  "published": "2019-03-14T15:41:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1324"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/commons-compress/commit/2a2f1dc48e22a34ddb72321a4db211da91aa933b"
    },
    {
      "type": "WEB",
      "url": "https://arxiv.org/pdf/2306.05534.pdf"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-h436-432x-8fvx"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/commons-compress"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jensdietrich/xshady-release/tree/main/CVE-2018-1324"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/1c7b6df6d1c5c8583518a0afa017782924918e4d6acfaf23ed5b2089@%3Cdev.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b8ef29df0f1d55aa741170748352ae8e425c7b1d286b2f257711a2dd@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5532dc8d5456b5151e8c286801e2e5769f5c04118b29c3b5d13ea387@%3Cissues.beam.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Commons Compress vulnerable to denial of service due to infinite loop"
}

GHSA-H52P-PMHH-X2JV

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-19T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).",
  "id": "GHSA-h52p-pmhh-x2jv",
  "modified": "2022-05-24T19:11:42Z",
  "published": "2022-05-24T19:11:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31400"
    },
    {
      "type": "WEB",
      "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/608209"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H552-2XRP-FMR5

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43
VLAI
Details

In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-17T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).",
  "id": "GHSA-h552-2xrp-fmr5",
  "modified": "2022-05-13T01:43:27Z",
  "published": "2022-05-13T01:43:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14519"
    },
    {
      "type": "WEB",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=102701"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4079"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H56G-VJC8-2CGW

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53
VLAI
Details

In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-04T07:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.",
  "id": "GHSA-h56g-vjc8-2cgw",
  "modified": "2022-05-13T01:53:52Z",
  "published": "2022-05-13T01:53:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9257"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2018-22.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H754-3P37-55GV

Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix loop termination condition in gss_free_in_token_pages()

The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat:

KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36288"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-21T12:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token-\u003epages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n  KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]",
  "id": "GHSA-h754-3p37-55gv",
  "modified": "2026-05-12T12:31:56Z",
  "published": "2024-06-21T12:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36288"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H77X-M5Q8-C29H

Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-08-25 23:23
VLAI
Summary
Rack vulnerable to REDoS
Details

lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "1.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "1.3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-6109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:39:20Z",
    "nvd_published_at": "2013-03-01T05:40:00Z",
    "severity": "MODERATE"
  },
  "details": "`lib/rack/multipart.rb` in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.",
  "id": "GHSA-h77x-m5q8-c29h",
  "modified": "2023-08-25T23:23:23Z",
  "published": "2017-10-24T18:33:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2013:0544"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2012-6109"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/blob/master/README.rdoc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2013-0544.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Rack vulnerable to REDoS"
}

GHSA-H7J7-PW3V-3V3X

Vulnerability from github – Published: 2018-10-18 16:49 – Updated: 2021-09-14 15:43
VLAI
Summary
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Details

keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-10912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:39:23Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.",
  "id": "GHSA-h7j7-pw3v-3v3x",
  "modified": "2021-09-14T15:43:06Z",
  "published": "2018-10-18T16:49:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10912"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-h7j7-pw3v-3v3x"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moderate severity vulnerability that affects org.keycloak:keycloak-core"
}

GHSA-H7Q8-VFF8-P3J8

Vulnerability from github – Published: 2024-07-09 15:30 – Updated: 2024-10-29 21:30
VLAI
Details

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6614"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T15:15:13Z",
    "severity": "MODERATE"
  },
  "details": "The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox \u003c 128.",
  "id": "GHSA-h7q8-vff8-p3j8",
  "modified": "2024-10-29T21:30:48Z",
  "published": "2024-07-09T15:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6614"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1902983"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-29"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H7V2-CVH5-XV63

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-14T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.",
  "id": "GHSA-h7v2-cvh5-xv63",
  "modified": "2022-05-13T01:42:50Z",
  "published": "2022-05-13T01:42:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12990"
    },
    {
      "type": "WEB",
      "url": "https://github.com/the-tcpdump-group/tcpdump/commit/c2ef693866beae071a24b45c49f9674af1df4028"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHEA-2018:0705"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-23"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208221"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3971"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039307"
    },
    {
      "type": "WEB",
      "url": "http://www.tcpdump.org/tcpdump-changes.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.