Common Weakness Enumeration

CWE-834

Discouraged

Excessive Iteration

Abstraction: Class · Status: Incomplete

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

124 vulnerabilities reference this CWE, most recent first.

GHSA-289V-JMV7-6XMX

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-12T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware \u003c 3.0.0.4.386.42095 or \u003c 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP\u0027s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.",
  "id": "GHSA-289v-jmv7-6xmx",
  "modified": "2022-05-24T17:47:10Z",
  "published": "2022-05-24T17:47:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3128"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX3000/HelpDesk_BIOS"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX55/HelpDesk_BIOS"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX56U/HelpDesk_BIOS"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX58U/HelpDesk_BIOS"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX68U/HelpDesk_BIOS"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX82U/HelpDesk_BIOS"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX86U/HelpDesk_BIOS"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX88U/HelpDesk_BIOS"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC66U-B1/HelpDesk_Download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC1750_B1/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC1900/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC1900P/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC1900U/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC2900/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC3100/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC5300/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC58U/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC65U/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC68P/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC68R/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC68RW/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC68U/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC68W/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC85U/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC86U/HelpDesk_download"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/supportonly/RT-AC88U/HelpDesk_download"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2F25-PFQ3-C7H8

Vulnerability from github – Published: 2026-05-08 23:06 – Updated: 2026-05-08 23:06
VLAI
Summary
Phpseclib needs guardrails on large binaryfield integers
Details

Impact

Anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc)

Patches

https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f

Workarounds

No.

References

https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f https://www.usenix.org/system/files/usenixsecurity25-shi-bing.pdf

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpseclib/phpseclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.34"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-49316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-834"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T23:06:50Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nAnyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc)\n\n### Patches\nhttps://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f\n\n### Workarounds\nNo.\n\n### References\nhttps://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f\nhttps://www.usenix.org/system/files/usenixsecurity25-shi-bing.pdf",
  "id": "GHSA-2f25-pfq3-c7h8",
  "modified": "2026-05-08T23:06:50Z",
  "published": "2026-05-08T23:06:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-2f25-pfq3-c7h8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49316"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-49316.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/phpseclib/phpseclib"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.34"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Phpseclib needs guardrails on large binaryfield integers"
}

GHSA-2G4J-2XQP-4HQ5

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2025-04-20 03:44
VLAI
Details

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14175"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-07T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.",
  "id": "GHSA-2g4j-2xqp-4hq5",
  "modified": "2025-04-20T03:44:27Z",
  "published": "2022-05-13T01:14:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14175"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/712"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-07"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3681-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H3J-M7GR-25XJ

Vulnerability from github – Published: 2021-06-16 17:56 – Updated: 2021-10-21 17:32
VLAI
Summary
Excessive Iteration Denial of Service in Apache PDFBox
Details

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.pdfbox:pdfbox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-27807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-22T18:45:15Z",
    "nvd_published_at": "2021-03-19T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.",
  "id": "GHSA-2h3j-m7gr-25xj",
  "modified": "2021-10-21T17:32:03Z",
  "published": "2021-06-16T17:56:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27807"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/pdfbox/commit/5c5a837140fbb4ef78bb5ef9f29ad537c872c83e"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1886911"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PT72QOFDXLJ7PLTN66EMG5EHPTE7TFZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KDA2U4KL2N3XT3PM4ZJEBBA6JJIH2G4"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f36133cac67956686ad9b9@%3Cnotifications.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c354ceba10543c3@%3Cnotifications.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35cd39bd4769fa6c@%3Cnotifications.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b8232909d2d14cd68ccd3@%3Ccommits.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d3885c1e2db398bc55cfb@%3Cusers.pdfbox.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d3885c1e2db398bc55cfb%40%3Cusers.pdfbox.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3c7cce8644fdc0e@%3Cnotifications.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12@%3Cnotifications.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd450133adc235ac@%3Ccommits.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8@%3Cdev.pdfbox.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4717f902f8bc36d47b3fa978552a25e4ed3ddc2fffb52b94fbc4ab36@%3Cusers.pdfbox.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e@%3Ccommits.ofbiz.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50@%3Cdev.pdfbox.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r043edc5dcf9199f7f882ed7906b41cb816753766e88b8792dbf319a9@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/PDFBOX-4892"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/pdfbox"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/03/19/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Excessive Iteration Denial of Service in Apache PDFBox"
}

GHSA-2VWP-58HF-5Q8Q

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-30T08:29:00Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.",
  "id": "GHSA-2vwp-58hf-5q8q",
  "modified": "2022-05-13T01:23:17Z",
  "published": "2022-05-13T01:23:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9133"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/1072"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3681-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-32P9-664J-Q6J6

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25
VLAI
Details

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11813"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-06T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.",
  "id": "GHSA-32p9-664j-q6j6",
  "modified": "2022-05-13T01:25:41Z",
  "published": "2022-05-13T01:25:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11813"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2052"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/727908"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-33HJ-R9X4-46JQ

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-27T12:29:00Z",
    "severity": "HIGH"
  },
  "details": "The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.",
  "id": "GHSA-33hj-r9x4-46jq",
  "modified": "2022-05-13T01:47:52Z",
  "published": "2022-05-13T01:47:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9256"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jun/32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3RWV-JRRG-99X3

Vulnerability from github – Published: 2024-02-09 06:32 – Updated: 2026-04-08 18:32
VLAI
Details

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0842"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-09T05:15:08Z",
    "severity": "HIGH"
  },
  "details": "The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.",
  "id": "GHSA-3rwv-jrrg-99x3",
  "modified": "2026-04-08T18:32:35Z",
  "published": "2024-02-09T06:32:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0842"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3036756%40backuply\u0026new=3036756%40backuply\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-47XC-86Q6-RH6J

Vulnerability from github – Published: 2024-11-13 18:32 – Updated: 2024-11-13 18:32
VLAI
Details

In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-13T16:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.",
  "id": "GHSA-47xc-86q6-rh6j",
  "modified": "2024-11-13T18:32:04Z",
  "published": "2024-11-13T18:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8049"
    },
    {
      "type": "WEB",
      "url": "https://docs.telerik.com/devtools/document-processing/knowledge-base/excessive-allocation-cve-2024-8049"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-496G-FR33-WHRF

Vulnerability from github – Published: 2024-01-31 23:11 – Updated: 2024-01-31 23:11
VLAI
Summary
Denial of service in HashiCorp Consul
Details

HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/consul"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.0"
            },
            {
              "fixed": "1.7.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/consul"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8.0"
            },
            {
              "fixed": "1.8.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-25201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-834"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-31T23:11:24Z",
    "nvd_published_at": "2020-11-04T23:15:11Z",
    "severity": "HIGH"
  },
  "details": "HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.",
  "id": "GHSA-496g-fr33-whrf",
  "modified": "2024-01-31T23:11:24Z",
  "published": "2024-01-31T23:11:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25201"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/consul/pull/9024"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/consul/releases/tag/v1.8.5"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-09"
    },
    {
      "type": "WEB",
      "url": "https://www.hashicorp.com/blog/category/consul"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial of service in HashiCorp Consul"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.