Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-VQ2F-VCC9-J8MV

Vulnerability from github – Published: 2026-06-19 20:46 – Updated: 2026-06-19 20:46
VLAI
Summary
Python Liquid: Infinite loop when parsing malformed `{% case %}` tags
Details

Impact

Given a malformed {% case %} tag without associated {% when %} or {% else %} block, and no terminating {% endcase %} tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack.

Patches

The issue is fixed in version 2.2.1 with the correction of the liquid.TokenStream.eof attribute. The kind and value of the special EOF token are now the same, so either can be tested against liquid.token.TOKEN_EOF.

Workarounds

Manually correct the definition of liquid.TokenStream.eof before parsing any templates.

import liquid
from liquid.token import TOKEN_EOF

liquid.stream.TokenStream.eof = liquid.Token(TOKEN_EOF, TOKEN_EOF, -1, "")

# ...
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "python-liquid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-55865"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T20:46:34Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nGiven a malformed `{% case %}` tag without associated `{% when %}` or `{% else %}` block, and no terminating `{% endcase %}` tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack.\n\n### Patches\nThe issue is fixed in version 2.2.1 with the correction of the `liquid.TokenStream.eof` attribute. The `kind` and `value` of the special EOF token are now the same, so either can be tested against `liquid.token.TOKEN_EOF`.\n\n### Workarounds\nManually correct the definition of `liquid.TokenStream.eof` before parsing any templates.\n\n```python\nimport liquid\nfrom liquid.token import TOKEN_EOF\n\nliquid.stream.TokenStream.eof = liquid.Token(TOKEN_EOF, TOKEN_EOF, -1, \"\")\n\n# ...\n```",
  "id": "GHSA-vq2f-vcc9-j8mv",
  "modified": "2026-06-19T20:46:34Z",
  "published": "2026-06-19T20:46:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jg-rp/liquid/security/advisories/GHSA-vq2f-vcc9-j8mv"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jg-rp/liquid"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Python Liquid: Infinite loop when parsing malformed `{% case %}` tags"
}

GHSA-VRGF-3RC5-R59F

Vulnerability from github – Published: 2022-11-28 21:30 – Updated: 2022-12-02 00:30
VLAI
Details

A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-28T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.",
  "id": "GHSA-vrgf-3rc5-r59f",
  "modified": "2022-12-02T00:30:25Z",
  "published": "2022-11-28T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4104"
    },
    {
      "type": "WEB",
      "url": "https://tenable.com/security/research/TRA-2022-35"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRV2-GJV8-MW36

Vulnerability from github – Published: 2023-06-13 09:30 – Updated: 2024-04-04 04:46
VLAI
Details

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T09:15:18Z",
    "severity": "MODERATE"
  },
  "details": "A loop with unreachable exit condition (\u0027infinite loop\u0027) in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions,  FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.",
  "id": "GHSA-vrv2-gjv8-mw36",
  "modified": "2024-04-04T04:46:00Z",
  "published": "2023-06-13T09:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33305"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-22-375"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRX2-77F2-WW34

Vulnerability from github – Published: 2026-04-22 21:25 – Updated: 2026-04-22 21:25
VLAI
Summary
justhtml has sanitization bypass in custom policies and programmatic DOM
Details

Summary

justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling.

Most of these issues affected advanced or custom configurations rather than the default safe path.

Affected versions

  • justhtml <= 1.16.0

Fixed version

  • justhtml 1.17.0 released on April 19, 2026

Impact

Custom SVG / MathML sanitization policies

Custom policies that preserved foreign namespaces could allow dangerous content to survive sanitization, including:

  • active HTML integration points such as SVG <foreignObject>, MathML <annotation-xml encoding="text/html">, SVG <title> / <desc>, and MathML text integration points
  • mutation-XSS parser-differential payloads that looked inert in memory but became active HTML after reparse
  • SVG filter="url(...)" attributes that could trigger external fetches

These issues affected: - JustHTML(..., sanitize=True) with custom foreign-namespace policies - sanitize() / sanitize_dom() - low-level terminal Sanitize(...) transform execution

Preserved <style> handling

Constructor-time sanitization and explicit Sanitize(...) transforms did not fully match sanitize() / sanitize_dom() when custom policies preserved <style>.

That could leave resource-loading CSS such as @import or background-image:url(...) in sanitized output from HTML string input.

Programmatic DOM serialization

Programmatic script, style, and Comment(...) nodes could still serialize into active markup in some edge cases.

This could affect applications that build or mutate DOM trees directly before calling to_html() or to_markdown(html_passthrough=True).

Cache mutation and DOM cycle handling

Two lower-severity hardening fixes were included:

  • compiled sanitize-pipeline caches could be mutated after warming and weaken later sanitization
  • parent/child cycles in programmatic DOM trees could cause infinite loops in operations such as to_html() and sanitize_dom()

Default configuration

Most of the issues above did not affect ordinary parsed HTML with the default JustHTML(..., sanitize=True) configuration.

The main risk areas were:

  • custom policies that preserve SVG or MathML
  • custom policies that preserve <style>
  • programmatic DOM construction or mutation
  • low-level direct sanitizer/transform APIs

Recommended action

Upgrade to justhtml 1.17.0.

If users cannot upgrade immediately:

  • avoid preserving SVG or MathML for untrusted input
  • avoid preserving <style> for untrusted input
  • avoid mutating programmatic DOM trees with untrusted script, style, or comment content
  • avoid mutating warmed policy internals or sanitizer caches

Credit

Discovered during an internal security review of justhtml.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "justhtml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-436",
      "CWE-471",
      "CWE-79",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T21:25:46Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\n`justhtml` `1.17.0` fixes multiple security issues in sanitization, serialization, and programmatic DOM handling.\n\nMost of these issues affected advanced or custom configurations rather than the default safe path.\n\n## Affected versions\n\n- `justhtml` `\u003c= 1.16.0`\n\n## Fixed version\n\n- `justhtml` `1.17.0` released on April 19, 2026\n\n## Impact\n\n### Custom SVG / MathML sanitization policies\nCustom policies that preserved foreign namespaces could allow dangerous content to survive sanitization, including:\n\n- active HTML integration points such as SVG `\u003cforeignObject\u003e`, MathML `\u003cannotation-xml encoding=\"text/html\"\u003e`, SVG `\u003ctitle\u003e` / `\u003cdesc\u003e`, and MathML text integration points\n- mutation-XSS parser-differential payloads that looked inert in memory but became active HTML after reparse\n- SVG `filter=\"url(...)\"` attributes that could trigger external fetches\n\nThese issues affected:\n- `JustHTML(..., sanitize=True)` with custom foreign-namespace policies\n- `sanitize()` / `sanitize_dom()`\n- low-level terminal `Sanitize(...)` transform execution\n\n### Preserved `\u003cstyle\u003e` handling\nConstructor-time sanitization and explicit `Sanitize(...)` transforms did not fully match `sanitize()` / `sanitize_dom()` when custom policies preserved `\u003cstyle\u003e`.\n\nThat could leave resource-loading CSS such as `@import` or `background-image:url(...)` in sanitized output from HTML string input.\n\n### Programmatic DOM serialization\nProgrammatic `script`, `style`, and `Comment(...)` nodes could still serialize into active markup in some edge cases.\n\nThis could affect applications that build or mutate DOM trees directly before calling `to_html()` or `to_markdown(html_passthrough=True)`.\n\n### Cache mutation and DOM cycle handling\nTwo lower-severity hardening fixes were included:\n\n- compiled sanitize-pipeline caches could be mutated after warming and weaken later sanitization\n- parent/child cycles in programmatic DOM trees could cause infinite loops in operations such as `to_html()` and `sanitize_dom()`\n\n## Default configuration\n\nMost of the issues above did **not** affect ordinary parsed HTML with the default `JustHTML(..., sanitize=True)` configuration.\n\nThe main risk areas were:\n\n- custom policies that preserve SVG or MathML\n- custom policies that preserve `\u003cstyle\u003e`\n- programmatic DOM construction or mutation\n- low-level direct sanitizer/transform APIs\n\n## Recommended action\n\nUpgrade to `justhtml` `1.17.0`.\n\nIf users cannot upgrade immediately:\n\n- avoid preserving SVG or MathML for untrusted input\n- avoid preserving `\u003cstyle\u003e` for untrusted input\n- avoid mutating programmatic DOM trees with untrusted `script`, `style`, or comment content\n- avoid mutating warmed policy internals or sanitizer caches\n\n## Credit\n\nDiscovered during an internal security review of `justhtml`.",
  "id": "GHSA-vrx2-77f2-ww34",
  "modified": "2026-04-22T21:25:46Z",
  "published": "2026-04-22T21:25:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-vrx2-77f2-ww34"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/EmilStenstrom/justhtml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "justhtml has sanitization bypass in custom policies and programmatic DOM"
}

GHSA-VRX2-VJH6-FHXX

Vulnerability from github – Published: 2023-08-23 21:30 – Updated: 2024-01-13 00:30
VLAI
Details

A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-23T19:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\n This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\n\n Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.",
  "id": "GHSA-vrx2-vjh6-fhxx",
  "modified": "2024-01-13T00:30:24Z",
  "published": "2023-08-23T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20200"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VVC7-QVMV-VPJW

Vulnerability from github – Published: 2024-05-20 12:30 – Updated: 2025-01-16 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio_net: Do not send RSS key if it is not supported

There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop.

Running the following command in any QEMU virtual machine with virtionet will reproduce this problem:

# ethtool -X eth0  hfunc toeplitz

This is how the problem happens:

1) ethtool_set_rxfh() calls virtnet_set_rxfh()

2) virtnet_set_rxfh() calls virtnet_commit_rss_command()

3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather

4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size;

5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function):

if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed");

6) virtio_error() (also QEMU function) set the device as broken

vdev->broken = true;

7) Qemu bails out, and do not repond this crazy kernel.

8) The kernel is waiting for the response to come back (function virtnet_send_command())

9) The kernel is waiting doing the following :

  while (!virtqueue_get_buf(vi->cvq, &tmp) &&
     !virtqueue_is_broken(vi->cvq))
      cpu_relax();

10) None of the following functions above is true, thus, the kernel loops here forever. Keeping in mind that virtqueue_is_broken() does not look at the qemu vdev->broken, so, it never realizes that the vitio is broken at QEMU side.

Fix it by not sending RSS commands if the feature is not available in the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-20T10:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Do not send RSS key if it is not supported\n\nThere is a bug when setting the RSS options in virtio_net that can break\nthe whole machine, getting the kernel into an infinite loop.\n\nRunning the following command in any QEMU virtual machine with virtionet\nwill reproduce this problem:\n\n    # ethtool -X eth0  hfunc toeplitz\n\nThis is how the problem happens:\n\n1) ethtool_set_rxfh() calls virtnet_set_rxfh()\n\n2) virtnet_set_rxfh() calls virtnet_commit_rss_command()\n\n3) virtnet_commit_rss_command() populates 4 entries for the rss\nscatter-gather\n\n4) Since the command above does not have a key, then the last\nscatter-gatter entry will be zeroed, since rss_key_size == 0.\nsg_buf_size = vi-\u003erss_key_size;\n\n5) This buffer is passed to qemu, but qemu is not happy with a buffer\nwith zero length, and do the following in virtqueue_map_desc() (QEMU\nfunction):\n\n  if (!sz) {\n      virtio_error(vdev, \"virtio: zero sized buffers are not allowed\");\n\n6) virtio_error() (also QEMU function) set the device as broken\n\n    vdev-\u003ebroken = true;\n\n7) Qemu bails out, and do not repond this crazy kernel.\n\n8) The kernel is waiting for the response to come back (function\nvirtnet_send_command())\n\n9) The kernel is waiting doing the following :\n\n      while (!virtqueue_get_buf(vi-\u003ecvq, \u0026tmp) \u0026\u0026\n\t     !virtqueue_is_broken(vi-\u003ecvq))\n\t      cpu_relax();\n\n10) None of the following functions above is true, thus, the kernel\nloops here forever. Keeping in mind that virtqueue_is_broken() does\nnot look at the qemu `vdev-\u003ebroken`, so, it never realizes that the\nvitio is broken at QEMU side.\n\nFix it by not sending RSS commands if the feature is not available in\nthe device.",
  "id": "GHSA-vvc7-qvmv-vpjw",
  "modified": "2025-01-16T18:30:58Z",
  "published": "2024-05-20T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35981"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/059a49aa2e25c58f90b50151f109dd3c4cdb3a47"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28e9a64638cd16bc1ecac9ff74ffeacb9fb652de"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43a71c1b4b3a6d4db857b1435d271540279fc7de"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/539a2b995a4ed93125cb0efae0f793b00ab2158b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VW2J-3XRW-2Q58

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-06T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.",
  "id": "GHSA-vw2j-3xrw-2q58",
  "modified": "2022-05-24T17:30:12Z",
  "published": "2022-05-24T17:30:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26575"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/16887"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/467"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/471"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/472"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/473"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHZSVK7PO2LTGFQXFHFXY6SOMSQ7UPRS"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2667E6WKVE56G66BVBVD7LJPIDOJ7K3"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202011-08"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2020-14.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VWCC-98M2-WF3C

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2022-05-24 16:53
VLAI
Details

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-15143"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-18T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.",
  "id": "GHSA-vwcc-98m2-wf3c",
  "modified": "2022-05-24T16:53:53Z",
  "published": "2022-05-24T16:53:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15143"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-36"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/djvu/bugs/297"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4198-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5032"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWGQ-PV2Q-RW8C

Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2025-04-20 03:38
VLAI
Details

The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-12T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.",
  "id": "GHSA-vwgq-pv2q-rw8c",
  "modified": "2025-04-20T03:38:48Z",
  "published": "2022-05-13T01:15:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9122"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4545-1"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42148"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VX2X-XF93-9FW9

Vulnerability from github – Published: 2026-01-27 09:30 – Updated: 2026-01-27 09:30
VLAI
Details

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common modules). This vulnerability is associated with program files bn_lib.C.

This issue affects lede: through r25.10.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24804"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-27T09:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common modules). This vulnerability is associated with program files bn_lib.C.\n\nThis issue affects lede: through r25.10.1.",
  "id": "GHSA-vx2x-xf93-9fw9",
  "modified": "2026-01-27T09:30:30Z",
  "published": "2026-01-27T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24804"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coolsnowwolf/lede/pull/13368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.