CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-RJ7P-RFGP-852X
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-06-27 16:12In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.12.0"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.thrift:libthrift"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-0205"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-27T16:12:09Z",
"nvd_published_at": "2019-10-29T19:15:00Z",
"severity": "HIGH"
},
"details": "In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.",
"id": "GHSA-rj7p-rfgp-852x",
"modified": "2022-06-27T16:12:09Z",
"published": "2022-05-24T17:00:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0205"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08@%3Cdev.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r53c03e1c979b9c628d0d65e0f49dd9a9f9d7572838727ad11b750575@%3Cuser.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r569b2b3da41ff45bfacfca6787a4a8728edd556e185b69b140181d9d@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a@%3Ccommits.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r67a704213d13326771f46c84bbd84c8281bb93946e155e0e40abcb4c@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7859e767c90c8f4971dec50f801372aa64e88f143c3e8a265a36f9b4@%3Cuser.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r92b7771afee2625209c36727fefdc77033964e9a1daa81ec3327e625@%3Cuser.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r934f312dd5add7276ac2de684d8b237554ff9f34479a812df5fd6aee@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb139fa1d2714822d8c6e6f3bd6f5d5c91844d313201185c409288fd9@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rba61c1f3a3b1960a6a694775b1a437751eba0825f30188f69387fe90@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rce0d368a78b42c545f26c2e6e91e2b8a91b27b60d0cb45fe1911d337@%3Cnotifications.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re387dc6ca11cb0b0ce4de8e800bb91ca50fee054b80105f5cd34adcb@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-32"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/07bd68ad237a5d513751d6d2731a8828f902c738ea57d85c1a72bad3@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/0d058e1bfd11727c4f2e2adf4b6e403a47c38e22431ab20066a1ac79@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/1193444c17f499f92cd198d464a2c1ffc92182c83487345a854914b3@%3Cuser.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/1c18ec6ebfea0a9211992be952e8b33d0fda202c077979b84a5e09a8@%3Cuser.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3dfa054b89274c9109c26ed1843ca15a14c03786f4016d26773878ae@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/928cae83d20d8d8196c26118f7084aa37573e1d31162381fb9454fb5@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/9f7150d0b02e72d1154721a412e80cf797f1b7cfa295fcefc67b1381@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/a9669756befaeb0f8e08766d3f4d410a0fce85da3a570506f71f0b67@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0c606d4be9aa163d132edf8edd8eb55e7b9464063b99acbbf6e9e287@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0d08f5576286f4a042aabde13ecf58979644f6dc210f25aa9a4d469b@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r1b1a92c229ead94d53b3bcde9e624d002b54f1c6fdb830b9f4da20e1@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r228ac842260c2c516af7b09f3cf4cf76e5b9c002e359954a203ab5a5@%3Cdev.thrift.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3887b48b183b6fa43e59398bd170a99239c0a16264cb5175b5b689d0@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Loop with Unreachable Exit Condition in Apache Thrift"
}
GHSA-RMH2-65XW-9M6Q
Vulnerability from github – Published: 2021-05-18 18:26 – Updated: 2024-05-20 19:47The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/buger/jsonparser"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-10675"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-04T21:51:17Z",
"nvd_published_at": "2020-03-19T14:15:00Z",
"severity": "HIGH"
},
"details": "The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.",
"id": "GHSA-rmh2-65xw-9m6q",
"modified": "2024-05-20T19:47:11Z",
"published": "2021-05-18T18:26:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10675"
},
{
"type": "WEB",
"url": "https://github.com/buger/jsonparser/issues/188"
},
{
"type": "WEB",
"url": "https://github.com/buger/jsonparser/pull/192"
},
{
"type": "WEB",
"url": "https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717"
},
{
"type": "PACKAGE",
"url": "https://github.com/buger/jsonparser"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0089"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite Loop in jsonparser"
}
GHSA-RP45-6HQ7-5W57
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
{
"affected": [],
"aliases": [
"CVE-2018-5650"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-12T22:29:00Z",
"severity": "MODERATE"
},
"details": "In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.",
"id": "GHSA-rp45-6hq7-5w57",
"modified": "2022-05-13T01:07:36Z",
"published": "2022-05-13T01:07:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5650"
},
{
"type": "WEB",
"url": "https://github.com/ckolivas/lrzip/issues/88"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RP5V-CHQ5-PW9Q
Vulnerability from github – Published: 2025-06-12 12:32 – Updated: 2025-06-12 12:32An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2025-0673"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-12T11:15:18Z",
"severity": "HIGH"
},
"details": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.",
"id": "GHSA-rp5v-chq5-pw9q",
"modified": "2025-06-12T12:32:04Z",
"published": "2025-06-12T12:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0673"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2936949"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/514732"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RQ7R-P3CV-R9GR
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:36In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.
{
"affected": [],
"aliases": [
"CVE-2017-7704"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-12T23:59:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.",
"id": "GHSA-rq7r-p3cv-r9gr",
"modified": "2025-04-20T03:36:01Z",
"published": "2022-05-13T01:47:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7704"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6032b0fe5fc1176ab77e03e20765f95fbd21b19e"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=da53a90b6895e47e03c5de05edf84bd99d535fd8"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201706-12"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-17.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97634"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038262"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RQP2-J5G9-2583
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2023-03-03 21:30In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.
{
"affected": [],
"aliases": [
"CVE-2019-14372"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-28T19:15:00Z",
"severity": "MODERATE"
},
"details": "In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.",
"id": "GHSA-rqp2-j5g9-2583",
"modified": "2023-03-03T21:30:20Z",
"published": "2022-05-24T16:51:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14372"
},
{
"type": "WEB",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1165"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00000.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RQRC-8Q8F-CP9C
Vulnerability from github – Published: 2022-04-08 18:11 – Updated: 2022-04-08 18:11A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Bond.Core.CSharp"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1469"
],
"database_specific": {
"cwe_ids": [
"CWE-434",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-08T18:11:51Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka \u0027Bond Denial of Service Vulnerability\u0027. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.",
"id": "GHSA-rqrc-8q8f-cp9c",
"modified": "2022-04-08T18:11:51Z",
"published": "2022-04-08T18:11:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1469"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/bond"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469"
},
{
"type": "WEB",
"url": "https://www.nuget.org/packages/Bond.Core.CSharp/9.0.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite loop in .Net Bond"
}
GHSA-RQXX-J33Q-88VV
Vulnerability from github – Published: 2022-05-02 03:39 – Updated: 2025-04-09 04:15smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
{
"affected": [],
"aliases": [
"CVE-2009-2906"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-10-07T18:30:00Z",
"severity": "MODERATE"
},
"details": "smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.",
"id": "GHSA-rqxx-j33q-88vv",
"modified": "2025-04-09T04:15:11Z",
"published": "2022-05-02T03:39:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2906"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1528"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1529"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2009-2906"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526645"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53575"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"type": "WEB",
"url": "http://news.samba.org/releases/3.0.37"
},
{
"type": "WEB",
"url": "http://news.samba.org/releases/3.2.15"
},
{
"type": "WEB",
"url": "http://news.samba.org/releases/3.3.8"
},
{
"type": "WEB",
"url": "http://news.samba.org/releases/3.4.2"
},
{
"type": "WEB",
"url": "http://osvdb.org/58519"
},
{
"type": "WEB",
"url": "http://samba.org/samba/security/CVE-2009-2906.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36893"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36918"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36937"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36953"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37428"
},
{
"type": "WEB",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561439"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4077"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/36573"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1022976"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-839-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/2810"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RV4C-7XGC-3X93
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
{
"affected": [],
"aliases": [
"CVE-2019-1000020"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-04T21:29:00Z",
"severity": "MODERATE"
},
"details": "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.",
"id": "GHSA-rv4c-7xgc-3x93",
"modified": "2022-05-13T01:21:42Z",
"published": "2022-05-13T01:21:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000020"
},
{
"type": "WEB",
"url": "https://github.com/libarchive/libarchive/pull/1120"
},
{
"type": "WEB",
"url": "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2298"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3698"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3884-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RV63-GQM8-9W8Q
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-07-06 19:54handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-handler"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0.Alpha1"
},
{
"fixed": "4.0.37.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-handler"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0.Beta1"
},
{
"fixed": "4.1.1.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-4970"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-06T19:54:08Z",
"nvd_published_at": "2017-04-13T14:59:00Z",
"severity": "HIGH"
},
"details": "handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).",
"id": "GHSA-rv63-gqm8-9w8q",
"modified": "2022-07-06T19:54:08Z",
"published": "2022-05-13T01:11:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4970"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/pull/5364"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"type": "WEB",
"url": "http://netty.io/news/2016/06/07/4-0-37-Final.html"
},
{
"type": "WEB",
"url": "http://netty.io/news/2016/06/07/4-1-1-Final.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1097.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Loop with Unreachable Exit Condition in Netty"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.