CWE-606
AllowedUnchecked Input for Loop Condition
Abstraction: Base · Status: Draft
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
53 vulnerabilities reference this CWE, most recent first.
GHSA-45FX-QQ48-M87M
Vulnerability from github – Published: 2026-07-08 21:30 – Updated: 2026-07-08 21:30FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2026-15172"
],
"database_specific": {
"cwe_ids": [
"CWE-606"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-08T21:16:48Z",
"severity": "MODERATE"
},
"details": "FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service",
"id": "GHSA-45fx-qq48-m87m",
"modified": "2026-07-08T21:30:30Z",
"published": "2026-07-08T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15172"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21347"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-54.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-472F-2V5J-FH75
Vulnerability from github – Published: 2026-06-09 09:32 – Updated: 2026-06-09 09:32Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.
{
"affected": [],
"aliases": [
"CVE-2026-41986"
],
"database_specific": {
"cwe_ids": [
"CWE-606"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T08:16:28Z",
"severity": "LOW"
},
"details": "Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.",
"id": "GHSA-472f-2v5j-fh75",
"modified": "2026-06-09T09:32:06Z",
"published": "2026-06-09T09:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41986"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2026/6"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4F32-Q83J-5VFJ
Vulnerability from github – Published: 2025-05-07 09:31 – Updated: 2025-05-07 09:31An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices that use the library to enter an infinite loop by sending a malicious RPC packet.
{
"affected": [],
"aliases": [
"CVE-2025-32399"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-606"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-07T07:15:50Z",
"severity": "MODERATE"
},
"details": "An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices that use the library to enter an infinite loop by sending a malicious RPC packet.",
"id": "GHSA-4f32-q83j-5vfj",
"modified": "2025-05-07T09:31:17Z",
"published": "2025-05-07T09:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32399"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-32399"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-5FCG-GPH2-WCVG
Vulnerability from github – Published: 2025-05-22 18:31 – Updated: 2025-05-22 18:31An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
{
"affected": [],
"aliases": [
"CVE-2024-13930"
],
"database_specific": {
"cwe_ids": [
"CWE-606"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-22T18:15:39Z",
"severity": "MODERATE"
},
"details": "An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised\nThis issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.",
"id": "GHSA-5fcg-gph2-wcvg",
"modified": "2025-05-22T18:31:16Z",
"published": "2025-05-22T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13930"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021\u0026LanguageCode=en\u0026DocumentPartId=pdf\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-64FM-8HW2-V72W
Vulnerability from github – Published: 2024-03-25 19:38 – Updated: 2026-02-05 15:26Impact
KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow.
Patches
Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Workarounds
Forbid inputs containing the substring "\\edef" before passing them to KaTeX.
(There is no easy workaround for the auto-render extension.)
Details
KaTeX supports an option named maxExpand which prevents infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. However, what counted as an "expansion" is a single macro expanding to any number of tokens. The expand-and-define TeX command \edef can be used to build up an exponential number of tokens using only a linear number of expansions according to this definition, e.g. by repeatedly doubling the previous definition. This has been corrected in KaTeX v0.16.10, where every expanded token in an \edef counts as an expansion.
For more information
If you have any questions or comments about this advisory: * Open an issue or security advisory in the KaTeX repository * Email us at katex-security@mit.edu
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "katex"
},
"ranges": [
{
"events": [
{
"introduced": "0.12.0"
},
{
"fixed": "0.16.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-28243"
],
"database_specific": {
"cwe_ids": [
"CWE-606",
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-25T19:38:18Z",
"nvd_published_at": "2024-03-25T20:15:07Z",
"severity": "MODERATE"
},
"details": "### Impact\nKaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user\u0027s KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow.\n\n### Patches\nUpgrade to KaTeX v0.16.10 to remove this vulnerability.\n\n### Workarounds\nForbid inputs containing the substring `\"\\\\edef\"` before passing them to KaTeX.\n(There is no easy workaround for the auto-render extension.)\n\n### Details\nKaTeX supports an option named `maxExpand` which prevents infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. However, what counted as an \"expansion\" is a single macro expanding to any number of tokens. The expand-and-define TeX command `\\edef` can be used to build up an exponential number of tokens using only a linear number of expansions according to this definition, e.g. by repeatedly doubling the previous definition. This has been corrected in KaTeX v0.16.10, where every expanded token in an `\\edef` counts as an expansion.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue or security advisory in the [KaTeX repository](https://github.com/KaTeX/KaTeX/)\n* Email us at [katex-security@mit.edu](mailto:katex-security@mit.edu)",
"id": "GHSA-64fm-8hw2-v72w",
"modified": "2026-02-05T15:26:49Z",
"published": "2024-03-25T19:38:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28243"
},
{
"type": "WEB",
"url": "https://github.com/github/advisory-database/pull/6777"
},
{
"type": "WEB",
"url": "https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34"
},
{
"type": "PACKAGE",
"url": "https://github.com/KaTeX/KaTeX"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "KaTeX\u0027s maxExpand bypassed by `\\edef`"
}
GHSA-6X36-QXMJ-RV4P
Vulnerability from github – Published: 2024-11-12 23:01 – Updated: 2025-04-04 15:13Microsoft Security Advisory CVE-2024-43499 | .NET Denial of Service Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
The NrbfDecoder component in .NET 9 contains a denial of service vulnerability due to incorrect input validation.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/333
Mitigation factors
Applications that do not use the NrbfDecoder component are not affected by this vulnerability. By default, .NET console apps and web apps do not reference this component.
Affected software
- Any .NET 9.0 application running on .NET 9.0.0.RC.2 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
.NET 9
| Package name | Affected version | Patched version |
|---|---|---|
| System.Formats.Nrbf | <9.0.0 | 9.0.0 |
Advisory FAQ
How do I know if I am affected?
If you have a runtime or SDK with a version listed, or an affected package listed in affected software or affected packages, you're exposed to the vulnerability.
How do I fix the issue?
- To fix the issue please install the latest version of .NET 9.0 . If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.
- If your application references the vulnerable package, update the package reference to the patched version.
Note: You may need to take both actions. Upgrading to 9.0 GA is not by itself sufficient to resolve the vulnerability, since you could still be pulling in the vulnerable package by reference.
- If you have .NET 8.0 or greater installed, you can list the versions you have installed by running the
dotnet --infocommand. You will see output like the following;
.NET Core SDK (reflecting any global.json):
Version: 8.0.200
Commit: 8473146e7d
Runtime Environment:
OS Name: Windows
OS Version: 10.0.18363
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\6.0.300\
Host (useful for support):
Version: 8.0.3
Commit: 8473146e7d
.NET Core SDKs installed:
8.0.200 [C:\Program Files\dotnet\sdk]
.NET Core runtimes installed:
Microsoft.NetCore.App 8.0.3 [C:\Program Files\dotnet\shared\Microsoft.NetCore.App]
Microsoft.AspNetCore.App 8.0.3 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.WindowsDesktop.App 8.0.3 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
To install additional .NET Core runtimes or SDKs:
https://aka.ms/dotnet-download
- If you're using .NET 9.0, you should download and install .NET 9.0 Runtime or .NET 9.0.100 SDK (for Visual Studio 2022 v17.12 latest Preview) from https://dotnet.microsoft.com/download/dotnet-core/9.0.
Once you have installed the updated runtime or SDK, restart your apps for the update to take effect.
Additionally, if you've deployed self-contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.
Other Information
Reporting Security Issues
If you have found a potential security issue in .NET 9.0 or .NET 8.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.
Support
You can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
External Links
Revisions
V1.0 (November 12, 2024): Advisory published.
Version 1.0
Last Updated 2024-11-12
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "System.Formats.Nrbf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-43499"
],
"database_specific": {
"cwe_ids": [
"CWE-409",
"CWE-606"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-12T23:01:23Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "# Microsoft Security Advisory CVE-2024-43499 | .NET Denial of Service Vulnerability\n\n## \u003ca name=\"executive-summary\"\u003e\u003c/a\u003eExecutive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nThe NrbfDecoder component in .NET 9 contains a denial of service vulnerability due to incorrect input validation.\n\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/333\n\n## \u003ca name=\"mitigation-factors\"\u003e\u003c/a\u003eMitigation factors\n\nApplications that do not use the NrbfDecoder component are not affected by this vulnerability. By default, .NET console apps and web apps do not reference this component.\n\n## \u003ca name=\"affected-software\"\u003e\u003c/a\u003eAffected software\n\n* Any .NET 9.0 application running on .NET 9.0.0.RC.2 or earlier.\n\n## \u003ca name=\"affected-packages\"\u003e\u003c/a\u003eAffected Packages\nThe vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below\n\n### \u003ca name=\".NET 9\"\u003e\u003c/a\u003e.NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Formats.Nrbf](https://www.nuget.org/packages/System.Formats.Nrbf) | \u003c9.0.0 | 9.0.0\n\n\n## Advisory FAQ\n\n### \u003ca name=\"how-affected\"\u003e\u003c/a\u003eHow do I know if I am affected?\n\nIf you have a runtime or SDK with a version listed, or an affected package listed in [affected software](#affected-packages) or [affected packages](#affected-software), you\u0027re exposed to the vulnerability.\n\n### \u003ca name=\"how-fix\"\u003e\u003c/a\u003eHow do I fix the issue?\n\n1. To fix the issue please install the latest version of .NET 9.0 . If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.\n2. If your application references the vulnerable package, update the package reference to the patched version.\n\nNote: You may need to take both actions. Upgrading to 9.0 GA is not by itself sufficient to resolve the vulnerability, since you could still be pulling in the vulnerable package by reference.\n\n* If you have .NET 8.0 or greater installed, you can list the versions you have installed by running the `dotnet --info` command. You will see output like the following;\n\n```\n.NET Core SDK (reflecting any global.json):\n\n\n Version: 8.0.200\n Commit: 8473146e7d\n\nRuntime Environment:\n\n OS Name: Windows\n OS Version: 10.0.18363\n OS Platform: Windows\n RID: win10-x64\n Base Path: C:\\Program Files\\dotnet\\sdk\\6.0.300\\\n\nHost (useful for support):\n\n Version: 8.0.3\n Commit: 8473146e7d\n\n.NET Core SDKs installed:\n\n 8.0.200 [C:\\Program Files\\dotnet\\sdk]\n\n.NET Core runtimes installed:\n\n Microsoft.NetCore.App 8.0.3 [C:\\Program Files\\dotnet\\shared\\Microsoft.NetCore.App]\n Microsoft.AspNetCore.App 8.0.3 [C:\\Program Files\\dotnet\\shared\\Microsoft.AspNetCore.App]\n Microsoft.WindowsDesktop.App 8.0.3 [C:\\Program Files\\dotnet\\shared\\Microsoft.WindowsDesktop.App]\n\n\nTo install additional .NET Core runtimes or SDKs:\n https://aka.ms/dotnet-download\n```\n\n* If you\u0027re using .NET 9.0, you should download and install .NET 9.0 Runtime or .NET 9.0.100 SDK (for Visual Studio 2022 v17.12 latest Preview) from https://dotnet.microsoft.com/download/dotnet-core/9.0.\n\nOnce you have installed the updated runtime or SDK, restart your apps for the update to take effect.\n\nAdditionally, if you\u0027ve deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in .NET 9.0 or .NET 8.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core \u0026 .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at \u003chttps://aka.ms/corebounty\u003e.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2024-43499]( https://www.cve.org/CVERecord?id=CVE-2024-43499)\n\n### Revisions\n\nV1.0 (November 12, 2024): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2024-11-12_",
"id": "GHSA-6x36-qxmj-rv4p",
"modified": "2025-04-04T15:13:58Z",
"published": "2024-11-12T23:01:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/runtime/security/advisories/GHSA-6x36-qxmj-rv4p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43499"
},
{
"type": "PACKAGE",
"url": "https://github.com/dotnet/runtime"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": ".NET Denial of Service Vulnerability"
}
GHSA-84M6-P53C-X4WP
Vulnerability from github – Published: 2026-03-25 15:31 – Updated: 2026-07-10 12:31If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.
{
"affected": [],
"aliases": [
"CVE-2026-1519"
],
"database_specific": {
"cwe_ids": [
"CWE-606",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T14:16:33Z",
"severity": "HIGH"
},
"details": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.",
"id": "GHSA-84m6-p53c-x4wp",
"modified": "2026-07-10T12:31:27Z",
"published": "2026-03-25T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1519"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1519.json"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2026-1519"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.18.47"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451305"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-1519"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8352"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8312"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8155"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8075"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7915"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34048"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29863"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29110"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25214"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25171"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25083"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24934"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24851"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24500"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16064"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16060"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15890"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11372"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11371"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-85XR-GHJ6-6M46
Vulnerability from github – Published: 2024-05-16 18:30 – Updated: 2024-08-13 18:31Issue summary: Checking excessively long DSA keys or parameters may be very slow.
Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.
The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform
various checks on DSA parameters. Some of those computations take a long time
if the modulus (p parameter) is too large.
Trying to use a very large modulus is slow and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However the key and parameter check functions do not limit the modulus size when performing the checks.
An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.
These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable.
Also vulnerable are the OpenSSL pkey and pkeyparam command line applications
when using the -check option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
{
"affected": [],
"aliases": [
"CVE-2024-4603"
],
"database_specific": {
"cwe_ids": [
"CWE-606",
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-16T16:15:10Z",
"severity": "MODERATE"
},
"details": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nThese functions are not called by OpenSSL itself on untrusted DSA keys so\nonly applications that directly call these functions may be vulnerable.\n\nAlso vulnerable are the OpenSSL pkey and pkeyparam command line applications\nwhen using the `-check` option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
"id": "GHSA-85xr-ghj6-6m46",
"modified": "2024-08-13T18:31:13Z",
"published": "2024-05-16T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240621-0001"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20240516.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/05/16/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-95H4-8MQC-4MPF
Vulnerability from github – Published: 2025-09-16 18:31 – Updated: 2025-09-16 20:21Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to perform a denial-of-service (DoS) attacks via a crafted XML-RPC request.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:com.liferay.portal.impl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "101.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43801"
],
"database_specific": {
"cwe_ids": [
"CWE-606"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-16T20:21:40Z",
"nvd_published_at": "2025-09-16T17:15:40Z",
"severity": "MODERATE"
},
"details": "Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to perform a denial-of-service (DoS) attacks via a crafted XML-RPC request.",
"id": "GHSA-95h4-8mqc-4mpf",
"modified": "2025-09-16T20:21:40Z",
"published": "2025-09-16T18:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43801"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43801"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Liferay Portal has unchecked input for loop condition vulnerability in XML-RPC"
}
GHSA-C945-CQJ5-WFV6
Vulnerability from github – Published: 2023-07-31 18:30 – Updated: 2024-06-21 21:33Issue summary: Checking excessively long DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.
The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p.
An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.
The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
{
"affected": [],
"aliases": [
"CVE-2023-3817"
],
"database_specific": {
"cwe_ids": [
"CWE-606",
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-31T16:15:10Z",
"severity": "MODERATE"
},
"details": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"id": "GHSA-c945-cqj5-wfv6",
"modified": "2024-06-21T21:33:53Z",
"published": "2023-07-31T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230818-0014"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231027-0008"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20230731.txt"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/11/06/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Do not use user-controlled data for loop conditions.
Mitigation
Perform input validation.
No CAPEC attack patterns related to this CWE.