Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-HR9R-8PHQ-5X8J

Vulnerability from github – Published: 2023-06-28 22:49 – Updated: 2023-07-03 18:39
VLAI
Summary
OpenFGA vulnerable to denial of service due to circular relationship
Details

Overview

OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions.

Am I Affected?

You are affected by this vulnerability if you are using OpenFGA v1.1.0 or earlier, and if you are executing certain Check or ListObjects calls against a vulnerable authorization model. To see which of your models could be vulnerable to this attack, download OpenFGA v1.2.0 and run the following command:

./openfga validate-models --datastore-engine <ENGINE> --datastore-uri <URI> | jq .[] | select(.Error | contains("loop"))

replacing the variables <ENGINE> and <URI> as needed.

Fix

Upgrade to v1.1.1.

Backward Compatibility

If you are not passing an invalid authorization model (as identified by running ./openfga validate-models) as a parameter of your Check and ListObjects calls, this upgrade is backwards compatible.

Otherwise, OpenFGA v1.1.1 will start returning HTTP 400 status codes on those calls.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openfga/openfga"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-35933"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-28T22:49:49Z",
    "nvd_published_at": "2023-06-26T20:15:10Z",
    "severity": "MODERATE"
  },
  "details": "### Overview\n\nOpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions.\n\n### Am I Affected?\n\nYou are affected by this vulnerability if you are using OpenFGA v1.1.0 or earlier, and if you are executing certain [Check](https://openfga.dev/api/service#/Relationship%20Queries/Check) or [ListObjects](https://openfga.dev/api/service#/Relationship%20Queries/ListObjects) calls against a vulnerable authorization model. To see which of your models could be vulnerable to this attack, download OpenFGA v1.2.0 and run the following command: \n\n```\n./openfga validate-models --datastore-engine \u003cENGINE\u003e --datastore-uri \u003cURI\u003e | jq .[] | select(.Error | contains(\"loop\"))\n```\n\nreplacing the variables `\u003cENGINE\u003e` and `\u003cURI\u003e` as needed.\n\n### Fix\n\nUpgrade to v1.1.1.\n\n### Backward Compatibility\n\nIf you are not passing an invalid authorization model (as identified by running `./openfga validate-models`) as a parameter of your Check and ListObjects calls, this upgrade is backwards compatible. \n\nOtherwise, OpenFGA v1.1.1 will start returning HTTP 400 status codes on those calls.",
  "id": "GHSA-hr9r-8phq-5x8j",
  "modified": "2023-07-03T18:39:26Z",
  "published": "2023-06-28T22:49:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openfga/openfga/security/advisories/GHSA-hr9r-8phq-5x8j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35933"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openfga/openfga/commit/087ce392595f3c319ab3028b5089118ea4063452"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openfga/openfga"
    },
    {
      "type": "WEB",
      "url": "https://openfga.dev/api/service#/Relationship%20Queries/Check"
    },
    {
      "type": "WEB",
      "url": "https://openfga.dev/api/service#/Relationship%20Queries/ListObjects"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenFGA vulnerable to denial of service due to circular relationship"
}

GHSA-HRMR-F5M6-M9PQ

Vulnerability from github – Published: 2018-10-19 16:41 – Updated: 2024-06-05 17:11
VLAI
Summary
Moderate severity vulnerability that affects org.apache.commons:commons-compress
Details

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.commons:commons-compress"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7"
            },
            {
              "fixed": "1.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-11771"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:40:55Z",
    "nvd_published_at": "2018-08-16T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17\u0027s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress\u0027 zip package.",
  "id": "GHSA-hrmr-f5m6-m9pq",
  "modified": "2024-06-05T17:11:42Z",
  "published": "2018-10-19T16:41:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11771"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f9cdd32af7d73e943452167d15801db39e8130409ebb9efb243b3f41@%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f28052d04cb8dbaae39bfd3dc8438e58c2a8be306a3f381f4728d7c1@%3Ccommits.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/eeecc1669242b28a3777ae13c68b376b0148d589d3d8170340d61120@%3Cdev.tinkerpop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/e3eae9e6fc021c4c22dda59a335d21c12eecab480b48115a2f098ef6@%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c7954dc1e8fafd7ca1449f078953b419ebf8936e087f235f3bd024be@%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b907e70bc422905d7962fd18f863f746bf7b4e7ed9da25c148580c61@%3Cnotifications.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b8ef29df0f1d55aa741170748352ae8e425c7b1d286b2f257711a2dd@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/714c6ac1b1b50f8557e7342903ef45f1538a7bc60a0b47d6e48c273d@%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6c79965066c30d4e330e04d911d3761db41b82c89ae38d9a6b37a6f1@%3Cdev.tinkerpop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/35f60d6d0407c13c39411038ba1aca71d92595ed7041beff4d07f2ee@%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/3565494c263dfeb4dcb2a71cb24d09a1ca285cd6ac74edc025a3af8a@%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/0adb631517766e793e18a59723e2df08ced41eb9a57478f14781c9f7@%3Cdev.tinkerpop.apache.org%3E"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/commons-compress"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105139"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041503"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moderate severity vulnerability that affects org.apache.commons:commons-compress"
}

GHSA-HX96-9F4R-RWCP

Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2026-05-12 12:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix infinite loop when replaying fast_commit

When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable.

Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039.

This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range().

Thanks to Zhang Yi, for figuring out the real problem!

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T10:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the \u0027es\u0027 variable.\n\nBecause \u0027es\u0027 contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!",
  "id": "GHSA-hx96-9f4r-rwcp",
  "modified": "2026-05-12T12:32:04Z",
  "published": "2024-08-17T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43828"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J29Q-2HMG-PFVH

Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30
VLAI
Details

Denial of service in modem due to missing null check while processing IP packets with padding

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-12T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "Denial of service in modem due to missing null check while processing IP packets with padding",
  "id": "GHSA-j29q-2hmg-pfvh",
  "modified": "2023-02-21T18:30:23Z",
  "published": "2023-02-12T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25734"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2XQ-PFFF-MVGG

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-06-29 18:54
VLAI
Summary
Loop with Unreachable Exit Condition in Apache PDFBox
Details

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.14"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.pdfbox:pdfbox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8.0"
            },
            {
              "fixed": "1.8.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.10"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.pdfbox:pdfbox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0RC1"
            },
            {
              "fixed": "2.0.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-8036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-29T18:54:14Z",
    "nvd_published_at": "2018-07-03T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox\u0027s AFMParser.",
  "id": "GHSA-j2xq-pfff-mvgg",
  "modified": "2022-06-29T18:54:14Z",
  "published": "2022-05-13T01:53:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8036"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6@%3Cusers.pdfbox.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540@%3Cdev.syncope.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Loop with Unreachable Exit Condition in Apache PDFBox"
}

GHSA-J36C-72RW-944M

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:38
VLAI
Details

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9208"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-23T04:29:00Z",
    "severity": "MODERATE"
  },
  "details": "libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.",
  "id": "GHSA-j36c-72rw-944m",
  "modified": "2025-04-20T03:38:11Z",
  "published": "2022-05-13T01:47:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9208"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3638-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3J5-W2HQ-CW74

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2023-02-03 21:30
VLAI
Details

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-17350"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-08T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.",
  "id": "GHSA-j3j5-w2hq-cw74",
  "modified": "2023-02-03T21:30:27Z",
  "published": "2022-05-24T16:58:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17350"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2020/Jan/21"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4602"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xen.org/xsa/advisory-295.html"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-295.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3VC-4CHV-32MW

Vulnerability from github – Published: 2024-04-12 15:37 – Updated: 2024-06-10 18:30
VLAI
Details

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-12T14:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile.  This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.",
  "id": "GHSA-j3vc-4chv-32mw",
  "modified": "2024-06-10T18:30:54Z",
  "published": "2024-04-12T15:37:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2397"
    },
    {
      "type": "WEB",
      "url": "https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GEZRGR3QCW2ZNFIAWMZZOG4ZLFLFNG2M"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3WR-M6XH-64HG

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2026-02-24 16:08
VLAI
Summary
LlamaIndex Improper Handling of Exceptional Conditions vulnerability
Details

A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "llama-index-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-12704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-21T17:40:52Z",
    "nvd_published_at": "2025-03-20T10:15:29Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.",
  "id": "GHSA-j3wr-m6xh-64hg",
  "modified": "2026-02-24T16:08:07Z",
  "published": "2025-03-20T12:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12704"
    },
    {
      "type": "WEB",
      "url": "https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/run-llama/llama_index"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LlamaIndex Improper Handling of Exceptional Conditions vulnerability"
}

GHSA-J49F-WWVQ-PVP4

Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-28 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xfrm: iptfs: validate inner IPv4 header length in IPTFS payload

Add validation of the inner IPv4 packet tot_len and ihl fields parsed from decrypted IPTFS payloads in __input_process_payload(). A crafted ESP packet containing an inner IPv4 header with tot_len=0 causes an infinite loop: iplen=0 leads to capturelen=min(0, remaining)=0, so the data offset never advances and the while(data < tail) loop never terminates, spinning forever in softirq context.

Reject inner IPv4 packets where tot_len < ihl4 or ihl4 < sizeof(struct iphdr), which catches both the tot_len=0 case and malformed ihl values. The normal IP stack performs this validation in ip_rcv_core(), but IPTFS extracts and processes inner packets before they reach that layer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31472"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T14:16:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: validate inner IPv4 header length in IPTFS payload\n\nAdd validation of the inner IPv4 packet tot_len and ihl fields parsed\nfrom decrypted IPTFS payloads in __input_process_payload(). A crafted\nESP packet containing an inner IPv4 header with tot_len=0 causes an\ninfinite loop: iplen=0 leads to capturelen=min(0, remaining)=0, so the\ndata offset never advances and the while(data \u003c tail) loop never\nterminates, spinning forever in softirq context.\n\nReject inner IPv4 packets where tot_len \u003c ihl*4 or ihl*4 \u003c sizeof(struct\niphdr), which catches both the tot_len=0 case and malformed ihl values.\nThe normal IP stack performs this validation in ip_rcv_core(), but IPTFS\nextracts and processes inner packets before they reach that layer.",
  "id": "GHSA-j49f-wwvq-pvp4",
  "modified": "2026-04-28T00:31:40Z",
  "published": "2026-04-22T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31472"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d10393d5eac33cbd92f7a41fddca12c41d3cb7e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3db7d4f777a00164582061ccaa99569cd85011a3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de6d8e8ce5187f7402c9859b443355e7120c5f09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.