CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-MP4C-W7J9-95F4
Vulnerability from github – Published: 2023-01-12 06:30 – Updated: 2025-11-04 00:30Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2022-4345"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-mp4c-w7j9-95f4",
"modified": "2025-11-04T00:30:35Z",
"published": "2023-01-12T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4345"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4345.json"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2022-09.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPF2-Q34C-FC6J
Vulnerability from github – Published: 2019-07-22 14:53 – Updated: 2024-10-22 16:40scapy is affected by a Denial of Service vulnerability resulting in an infinite loop and resource consumption rendering the program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is over the network or in a pcap. both work.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "scapy"
},
"ranges": [
{
"events": [
{
"introduced": "2.4-rc1"
},
{
"fixed": "2.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-1010142"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2019-07-22T14:21:26Z",
"nvd_published_at": "2019-07-19T16:15:00Z",
"severity": "HIGH"
},
"details": "scapy is affected by a Denial of Service vulnerability resulting in an infinite loop and resource consumption rendering the program unresponsive. The component is: `_RADIUSAttrPacketListField.getfield(self..)`. The attack vector is over the network or in a pcap. both work.",
"id": "GHSA-mpf2-q34c-fc6j",
"modified": "2024-10-22T16:40:01Z",
"published": "2019-07-22T14:53:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010142"
},
{
"type": "WEB",
"url": "https://github.com/secdev/scapy/pull/1409"
},
{
"type": "WEB",
"url": "https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/scapy/PYSEC-2019-120.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/secdev/scapy"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN"
},
{
"type": "WEB",
"url": "https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite Loop in scapy"
}
GHSA-MPFH-94P7-8328
Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2026-01-30 12:31In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix RCU stall while reaping monitor destination ring
While processing the monitor destination ring, MSDUs are reaped from the link descriptor based on the corresponding buf_id.
However, sometimes the driver cannot obtain a valid buffer corresponding to the buf_id received from the hardware. This causes an infinite loop in the destination processing, resulting in a kernel crash.
kernel log: ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed
Fix this by skipping the problematic buf_id and reaping the next entry, replacing the break with the next MSDU processing.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
{
"affected": [],
"aliases": [
"CVE-2024-58097"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T15:15:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"id": "GHSA-mpfh-94p7-8328",
"modified": "2026-01-30T12:31:20Z",
"published": "2025-04-16T15:34:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58097"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8db5de0cf02fccf4c759aa58edbe65659daf607c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f1a002f0171d27f3554e529f3c70df438f05dfe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQR3-725G-5QGW
Vulnerability from github – Published: 2022-05-17 02:01 – Updated: 2025-04-11 03:44avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
{
"affected": [],
"aliases": [
"CVE-2011-1002"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-02-22T19:00:00Z",
"severity": "MODERATE"
},
"details": "avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.",
"id": "GHSA-mqr3-725g-5qgw",
"modified": "2025-04-11T03:44:21Z",
"published": "2022-05-17T02:01:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1002"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2011:0436"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2011:0779"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2011-1002"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667187"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65524"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65525"
},
{
"type": "WEB",
"url": "http://avahi.org/ticket/325"
},
{
"type": "WEB",
"url": "http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6"
},
{
"type": "WEB",
"url": "http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/02/18/1"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/02/18/4"
},
{
"type": "WEB",
"url": "http://osvdb.org/70948"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43361"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43465"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43605"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43673"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44131"
},
{
"type": "WEB",
"url": "http://ubuntu.com/usn/usn-1084-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2174"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:037"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/02/22/9"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0436.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0779.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46446"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0448"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0499"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0511"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0565"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0601"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0670"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0969"
},
{
"type": "WEB",
"url": "http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MRX3-23H7-M29P
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.
{
"affected": [],
"aliases": [
"CVE-2010-3880"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-12-10T19:00:00Z",
"severity": "MODERATE"
},
"details": "net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.",
"id": "GHSA-mrx3-23h7-m29p",
"modified": "2022-05-13T01:23:45Z",
"published": "2022-05-13T01:23:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3880"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=651264"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22e76c849d505d87c5ecf3d3e6742a65f0ff4860"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/11/04/9"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/11/05/3"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42126"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42789"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42890"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/46397"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2126"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/44665"
},
{
"type": "WEB",
"url": "http://www.spinics.net/lists/netdev/msg145899.html"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0024"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MWCW-C2X4-8C55
Vulnerability from github – Published: 2024-12-09 03:30 – Updated: 2025-11-04 16:54When nanoid is called with a fractional value, there were a number of undesirable effects:
- in browser and non-secure, the code infinite loops on while (size--)
- in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
- if the first call in node is a fractional argument, the initial buffer allocation fails with an error
Version 3.3.8 and 5.0.9 are fixed.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nanoid"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "5.0.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "nanoid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-55565"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-09T22:42:43Z",
"nvd_published_at": "2024-12-09T02:15:19Z",
"severity": "MODERATE"
},
"details": "When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n1. in browser and non-secure, the code infinite loops on while (size--)\n2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled\n3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nVersion 3.3.8 and 5.0.9 are fixed.",
"id": "GHSA-mwcw-c2x4-8c55",
"modified": "2025-11-04T16:54:54Z",
"published": "2024-12-09T03:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"type": "WEB",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"type": "PACKAGE",
"url": "https://github.com/ai/nanoid"
},
{
"type": "WEB",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"type": "WEB",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Predictable results in nanoid generation when given non-integer values"
}
GHSA-MXWM-W839-25WJ
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
{
"affected": [],
"aliases": [
"CVE-2017-11446"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-19T07:29:00Z",
"severity": "HIGH"
},
"details": "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.",
"id": "GHSA-mxwm-w839-25wj",
"modified": "2022-05-13T01:42:21Z",
"published": "2022-05-13T01:42:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11446"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/537"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4019"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99964"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P28X-HJ68-7VFP
Vulnerability from github – Published: 2024-04-08 15:30 – Updated: 2024-04-08 16:46An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ryu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.34"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-28732"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-08T16:46:52Z",
"nvd_published_at": "2024-04-08T14:15:07Z",
"severity": "HIGH"
},
"details": "An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).",
"id": "GHSA-p28x-hj68-7vfp",
"modified": "2024-04-08T16:46:52Z",
"published": "2024-04-08T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28732"
},
{
"type": "WEB",
"url": "https://github.com/faucetsdn/ryu/issues/188"
},
{
"type": "WEB",
"url": "https://gist.github.com/ErodedElk/1133d64dde2d92393a065edc9b243792"
},
{
"type": "PACKAGE",
"url": "https://github.com/faucetsdn/ryu"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Ryu Infinite Loop vulnerability"
}
GHSA-P2WX-23H7-P7R8
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
{
"affected": [],
"aliases": [
"CVE-2018-19108"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-08T08:29:00Z",
"severity": "MODERATE"
},
"details": "In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.",
"id": "GHSA-p2wx-23h7-p7r8",
"modified": "2022-05-13T01:50:50Z",
"published": "2022-05-13T01:50:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19108"
},
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/issues/426"
},
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/pull/518"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4056-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P3PX-2XX5-XMGX
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:38smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
{
"affected": [],
"aliases": [
"CVE-2017-9461"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-06T21:29:00Z",
"severity": "MODERATE"
},
"details": "smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.",
"id": "GHSA-p3px-2xx5-xmgx",
"modified": "2025-04-20T03:38:32Z",
"published": "2022-05-13T01:47:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9461"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1950"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2338"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2778"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/864291"
},
{
"type": "WEB",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=12572"
},
{
"type": "WEB",
"url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310"
},
{
"type": "WEB",
"url": "https://git.samba.org/?p=samba.git;a=commit;h=10c3e3923022485c720f322ca4f0aca5d7501310"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99455"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.