CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-HR9R-8PHQ-5X8J
Vulnerability from github – Published: 2023-06-28 22:49 – Updated: 2023-07-03 18:39Overview
OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions.
Am I Affected?
You are affected by this vulnerability if you are using OpenFGA v1.1.0 or earlier, and if you are executing certain Check or ListObjects calls against a vulnerable authorization model. To see which of your models could be vulnerable to this attack, download OpenFGA v1.2.0 and run the following command:
./openfga validate-models --datastore-engine <ENGINE> --datastore-uri <URI> | jq .[] | select(.Error | contains("loop"))
replacing the variables <ENGINE> and <URI> as needed.
Fix
Upgrade to v1.1.1.
Backward Compatibility
If you are not passing an invalid authorization model (as identified by running ./openfga validate-models) as a parameter of your Check and ListObjects calls, this upgrade is backwards compatible.
Otherwise, OpenFGA v1.1.1 will start returning HTTP 400 status codes on those calls.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/openfga/openfga"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-35933"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-28T22:49:49Z",
"nvd_published_at": "2023-06-26T20:15:10Z",
"severity": "MODERATE"
},
"details": "### Overview\n\nOpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions.\n\n### Am I Affected?\n\nYou are affected by this vulnerability if you are using OpenFGA v1.1.0 or earlier, and if you are executing certain [Check](https://openfga.dev/api/service#/Relationship%20Queries/Check) or [ListObjects](https://openfga.dev/api/service#/Relationship%20Queries/ListObjects) calls against a vulnerable authorization model. To see which of your models could be vulnerable to this attack, download OpenFGA v1.2.0 and run the following command: \n\n```\n./openfga validate-models --datastore-engine \u003cENGINE\u003e --datastore-uri \u003cURI\u003e | jq .[] | select(.Error | contains(\"loop\"))\n```\n\nreplacing the variables `\u003cENGINE\u003e` and `\u003cURI\u003e` as needed.\n\n### Fix\n\nUpgrade to v1.1.1.\n\n### Backward Compatibility\n\nIf you are not passing an invalid authorization model (as identified by running `./openfga validate-models`) as a parameter of your Check and ListObjects calls, this upgrade is backwards compatible. \n\nOtherwise, OpenFGA v1.1.1 will start returning HTTP 400 status codes on those calls.",
"id": "GHSA-hr9r-8phq-5x8j",
"modified": "2023-07-03T18:39:26Z",
"published": "2023-06-28T22:49:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-hr9r-8phq-5x8j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35933"
},
{
"type": "WEB",
"url": "https://github.com/openfga/openfga/commit/087ce392595f3c319ab3028b5089118ea4063452"
},
{
"type": "PACKAGE",
"url": "https://github.com/openfga/openfga"
},
{
"type": "WEB",
"url": "https://openfga.dev/api/service#/Relationship%20Queries/Check"
},
{
"type": "WEB",
"url": "https://openfga.dev/api/service#/Relationship%20Queries/ListObjects"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenFGA vulnerable to denial of service due to circular relationship"
}
GHSA-HRMR-F5M6-M9PQ
Vulnerability from github – Published: 2018-10-19 16:41 – Updated: 2024-06-05 17:11When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.commons:commons-compress"
},
"ranges": [
{
"events": [
{
"introduced": "1.7"
},
{
"fixed": "1.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-11771"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:40:55Z",
"nvd_published_at": "2018-08-16T15:29:00Z",
"severity": "MODERATE"
},
"details": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17\u0027s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress\u0027 zip package.",
"id": "GHSA-hrmr-f5m6-m9pq",
"modified": "2024-06-05T17:11:42Z",
"published": "2018-10-19T16:41:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11771"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9cdd32af7d73e943452167d15801db39e8130409ebb9efb243b3f41@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f28052d04cb8dbaae39bfd3dc8438e58c2a8be306a3f381f4728d7c1@%3Ccommits.commons.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/eeecc1669242b28a3777ae13c68b376b0148d589d3d8170340d61120@%3Cdev.tinkerpop.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/e3eae9e6fc021c4c22dda59a335d21c12eecab480b48115a2f098ef6@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/c7954dc1e8fafd7ca1449f078953b419ebf8936e087f235f3bd024be@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b907e70bc422905d7962fd18f863f746bf7b4e7ed9da25c148580c61@%3Cnotifications.commons.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8ef29df0f1d55aa741170748352ae8e425c7b1d286b2f257711a2dd@%3Cdev.creadur.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/714c6ac1b1b50f8557e7342903ef45f1538a7bc60a0b47d6e48c273d@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6c79965066c30d4e330e04d911d3761db41b82c89ae38d9a6b37a6f1@%3Cdev.tinkerpop.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/35f60d6d0407c13c39411038ba1aca71d92595ed7041beff4d07f2ee@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3565494c263dfeb4dcb2a71cb24d09a1ca285cd6ac74edc025a3af8a@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/0adb631517766e793e18a59723e2df08ced41eb9a57478f14781c9f7@%3Cdev.tinkerpop.apache.org%3E"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/commons-compress"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105139"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041503"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Moderate severity vulnerability that affects org.apache.commons:commons-compress"
}
GHSA-HX96-9F4R-RWCP
Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2026-05-12 12:32In the Linux kernel, the following vulnerability has been resolved:
ext4: fix infinite loop when replaying fast_commit
When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable.
Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039.
This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range().
Thanks to Zhang Yi, for figuring out the real problem!
{
"affected": [],
"aliases": [
"CVE-2024-43828"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T10:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct. ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the \u0027es\u0027 variable.\n\nBecause \u0027es\u0027 contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!",
"id": "GHSA-hx96-9f4r-rwcp",
"modified": "2026-05-12T12:32:04Z",
"published": "2024-08-17T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43828"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J29Q-2HMG-PFVH
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30Denial of service in modem due to missing null check while processing IP packets with padding
{
"affected": [],
"aliases": [
"CVE-2022-25734"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "HIGH"
},
"details": "Denial of service in modem due to missing null check while processing IP packets with padding",
"id": "GHSA-j29q-2hmg-pfvh",
"modified": "2023-02-21T18:30:23Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25734"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2XQ-PFFF-MVGG
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-06-29 18:54In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.8.14"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.pdfbox:pdfbox"
},
"ranges": [
{
"events": [
{
"introduced": "1.8.0"
},
{
"fixed": "1.8.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.10"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.pdfbox:pdfbox"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0RC1"
},
{
"fixed": "2.0.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-8036"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-29T18:54:14Z",
"nvd_published_at": "2018-07-03T20:29:00Z",
"severity": "MODERATE"
},
"details": "In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox\u0027s AFMParser.",
"id": "GHSA-j2xq-pfff-mvgg",
"modified": "2022-06-29T18:54:14Z",
"published": "2022-05-13T01:53:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8036"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6@%3Cusers.pdfbox.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540@%3Cdev.syncope.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Loop with Unreachable Exit Condition in Apache PDFBox"
}
GHSA-J36C-72RW-944M
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:38libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
{
"affected": [],
"aliases": [
"CVE-2017-9208"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-23T04:29:00Z",
"severity": "MODERATE"
},
"details": "libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.",
"id": "GHSA-j36c-72rw-944m",
"modified": "2025-04-20T03:38:11Z",
"published": "2022-05-13T01:47:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9208"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3638-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3J5-W2HQ-CW74
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2023-02-03 21:30An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.
{
"affected": [],
"aliases": [
"CVE-2019-17350"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-08T00:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.",
"id": "GHSA-j3j5-w2hq-cw74",
"modified": "2023-02-03T21:30:27Z",
"published": "2022-05-24T16:58:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17350"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-295.html"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-295.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3VC-4CHV-32MW
Vulnerability from github – Published: 2024-04-12 15:37 – Updated: 2024-06-10 18:30Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.
{
"affected": [],
"aliases": [
"CVE-2024-2397"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-12T14:15:07Z",
"severity": "MODERATE"
},
"details": "Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.",
"id": "GHSA-j3vc-4chv-32mw",
"modified": "2024-06-10T18:30:54Z",
"published": "2024-04-12T15:37:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2397"
},
{
"type": "WEB",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GEZRGR3QCW2ZNFIAWMZZOG4ZLFLFNG2M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3WR-M6XH-64HG
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2026-02-24 16:08A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "llama-index-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-12704"
],
"database_specific": {
"cwe_ids": [
"CWE-755",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T17:40:52Z",
"nvd_published_at": "2025-03-20T10:15:29Z",
"severity": "HIGH"
},
"details": "A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.",
"id": "GHSA-j3wr-m6xh-64hg",
"modified": "2026-02-24T16:08:07Z",
"published": "2025-03-20T12:32:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12704"
},
{
"type": "WEB",
"url": "https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05"
},
{
"type": "PACKAGE",
"url": "https://github.com/run-llama/llama_index"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "LlamaIndex Improper Handling of Exceptional Conditions vulnerability"
}
GHSA-J49F-WWVQ-PVP4
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-28 00:31In the Linux kernel, the following vulnerability has been resolved:
xfrm: iptfs: validate inner IPv4 header length in IPTFS payload
Add validation of the inner IPv4 packet tot_len and ihl fields parsed from decrypted IPTFS payloads in __input_process_payload(). A crafted ESP packet containing an inner IPv4 header with tot_len=0 causes an infinite loop: iplen=0 leads to capturelen=min(0, remaining)=0, so the data offset never advances and the while(data < tail) loop never terminates, spinning forever in softirq context.
Reject inner IPv4 packets where tot_len < ihl4 or ihl4 < sizeof(struct iphdr), which catches both the tot_len=0 case and malformed ihl values. The normal IP stack performs this validation in ip_rcv_core(), but IPTFS extracts and processes inner packets before they reach that layer.
{
"affected": [],
"aliases": [
"CVE-2026-31472"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: validate inner IPv4 header length in IPTFS payload\n\nAdd validation of the inner IPv4 packet tot_len and ihl fields parsed\nfrom decrypted IPTFS payloads in __input_process_payload(). A crafted\nESP packet containing an inner IPv4 header with tot_len=0 causes an\ninfinite loop: iplen=0 leads to capturelen=min(0, remaining)=0, so the\ndata offset never advances and the while(data \u003c tail) loop never\nterminates, spinning forever in softirq context.\n\nReject inner IPv4 packets where tot_len \u003c ihl*4 or ihl*4 \u003c sizeof(struct\niphdr), which catches both the tot_len=0 case and malformed ihl values.\nThe normal IP stack performs this validation in ip_rcv_core(), but IPTFS\nextracts and processes inner packets before they reach that layer.",
"id": "GHSA-j49f-wwvq-pvp4",
"modified": "2026-04-28T00:31:40Z",
"published": "2026-04-22T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31472"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d10393d5eac33cbd92f7a41fddca12c41d3cb7e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3db7d4f777a00164582061ccaa99569cd85011a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/de6d8e8ce5187f7402c9859b443355e7120c5f09"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.