CWE-833
AllowedDeadlock
Abstraction: Base · Status: Incomplete
The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
39 vulnerabilities reference this CWE, most recent first.
GHSA-J3FJ-RFH9-7J99
Vulnerability from github – Published: 2025-02-12 03:31 – Updated: 2025-02-12 03:31Dell BSAFE SSL-J contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2024-29172"
],
"database_specific": {
"cwe_ids": [
"CWE-667",
"CWE-833"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T02:15:10Z",
"severity": "MODERATE"
},
"details": "Dell BSAFE SSL-J contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.",
"id": "GHSA-j3fj-rfh9-7j99",
"modified": "2025-02-12T03:31:14Z",
"published": "2025-02-12T03:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29172"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000226620/dsa-2024-221-security-update-for-dell-bsafe-ssl-j-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M24R-P59V-Q652
Vulnerability from github – Published: 2023-07-18 18:30 – Updated: 2024-04-04 06:13A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.
{
"affected": [],
"aliases": [
"CVE-2023-0160"
],
"database_specific": {
"cwe_ids": [
"CWE-667",
"CWE-833"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-18T17:15:11Z",
"severity": "MODERATE"
},
"details": "A deadlock flaw was found in the Linux kernel\u2019s BPF subsystem. This flaw allows a local user to potentially crash the system.",
"id": "GHSA-m24r-p59v-q652",
"modified": "2024-04-04T06:13:54Z",
"published": "2023-07-18T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0160"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-0160"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159764"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M9QX-F7M5-X2M6
Vulnerability from github – Published: 2023-04-11 12:30 – Updated: 2024-06-11 09:30A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.
{
"affected": [],
"aliases": [
"CVE-2022-43767"
],
"database_specific": {
"cwe_ids": [
"CWE-833"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-11T10:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions \u003c V2.3.6), TIM 1531 IRC (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.",
"id": "GHSA-m9qx-f7m5-x2m6",
"modified": "2024-06-11T09:30:53Z",
"published": "2023-04-11T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43767"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q286-Q7FG-G7GC
Vulnerability from github – Published: 2025-10-27 12:32 – Updated: 2025-10-27 12:32An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.
{
"affected": [],
"aliases": [
"CVE-2025-59463"
],
"database_specific": {
"cwe_ids": [
"CWE-833"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-27T11:15:41Z",
"severity": "MODERATE"
},
"details": "An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.",
"id": "GHSA-q286-q7fg-g7gc",
"modified": "2025-10-27T12:32:52Z",
"published": "2025-10-27T12:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59463"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
},
{
"type": "WEB",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q9X9-MHF5-VMMM
Vulnerability from github – Published: 2025-07-29 18:30 – Updated: 2025-07-29 18:30IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2
could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.
{
"affected": [],
"aliases": [
"CVE-2025-36010"
],
"database_specific": {
"cwe_ids": [
"CWE-833"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-29T18:15:28Z",
"severity": "MODERATE"
},
"details": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\ncould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.",
"id": "GHSA-q9x9-mhf5-vmmm",
"modified": "2025-07-29T18:30:36Z",
"published": "2025-07-29T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36010"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7240951"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QQ9F-Q439-2574
Vulnerability from github – Published: 2025-01-02 21:31 – Updated: 2025-05-15 00:30A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.narayana.rts:lra-coordinator-jar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.1.0.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-8447"
],
"database_specific": {
"cwe_ids": [
"CWE-833"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-02T22:05:33Z",
"nvd_published_at": "2025-01-02T21:15:10Z",
"severity": "MODERATE"
},
"details": "A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.",
"id": "GHSA-qq9f-q439-2574",
"modified": "2025-05-15T00:30:26Z",
"published": "2025-01-02T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8447"
},
{
"type": "WEB",
"url": "https://github.com/jbosstm/narayana/pull/2293"
},
{
"type": "WEB",
"url": "https://github.com/jbosstm/narayana/commit/eb778412de230afc4687a2df43641280494156c5"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:3357"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:3358"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7620"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-8447"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
},
{
"type": "PACKAGE",
"url": "https://github.com/jbosstm/narayana"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Narayana deadlock via multiple join requests sent to LRA Coordinator"
}
GHSA-WHPQ-78MQ-QCJ6
Vulnerability from github – Published: 2023-06-27 21:30 – Updated: 2024-04-04 05:13Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
{
"affected": [],
"aliases": [
"CVE-2023-3436"
],
"database_specific": {
"cwe_ids": [
"CWE-667",
"CWE-833"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-27T21:15:16Z",
"severity": "LOW"
},
"details": "Xpdf 4.04 will deadlock on a PDF object stream whose \"Length\" field is itself in another object stream.\n\n",
"id": "GHSA-whpq-78mq-qcj6",
"modified": "2024-04-04T05:13:36Z",
"published": "2023-06-27T21:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3436"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42618"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X4V6-W9V4-P32J
Vulnerability from github – Published: 2024-01-17 18:31 – Updated: 2024-01-24 21:30A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
{
"affected": [],
"aliases": [
"CVE-2024-0641"
],
"database_specific": {
"cwe_ids": [
"CWE-667",
"CWE-833"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-17T16:15:47Z",
"severity": "MODERATE"
},
"details": "A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel\u2019s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.",
"id": "GHSA-x4v6-w9v4-p32j",
"modified": "2024-01-24T21:30:32Z",
"published": "2024-01-17T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0641"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-0641"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258757"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XV49-PVQX-8XR6
Vulnerability from github – Published: 2022-12-05 18:30 – Updated: 2025-04-14 18:31A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2022-4269"
],
"database_specific": {
"cwe_ids": [
"CWE-833"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-05T16:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.",
"id": "GHSA-xv49-pvqx-8xr6",
"modified": "2025-04-14T18:31:41Z",
"published": "2022-12-05T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4269"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230929-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5480"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-25: Forced Deadlock
The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.