CWE-834
DiscouragedExcessive Iteration
Abstraction: Class · Status: Incomplete
The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
124 vulnerabilities reference this CWE, most recent first.
GHSA-289V-JMV7-6XMX
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.
{
"affected": [],
"aliases": [
"CVE-2021-3128"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-12T19:15:00Z",
"severity": "HIGH"
},
"details": "In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware \u003c 3.0.0.4.386.42095 or \u003c 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP\u0027s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.",
"id": "GHSA-289v-jmv7-6xmx",
"modified": "2022-05-24T17:47:10Z",
"published": "2022-05-24T17:47:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3128"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX3000/HelpDesk_BIOS"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX55/HelpDesk_BIOS"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX56U/HelpDesk_BIOS"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX58U/HelpDesk_BIOS"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX68U/HelpDesk_BIOS"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX82U/HelpDesk_BIOS"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX86U/HelpDesk_BIOS"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-series/RT-AX88U/HelpDesk_BIOS"
},
{
"type": "WEB",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC66U-B1/HelpDesk_Download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC1750_B1/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC1900/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC1900P/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC1900U/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC2900/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC3100/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC5300/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC58U/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC65U/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC68P/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC68R/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC68RW/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC68U/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC68W/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC85U/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC86U/HelpDesk_download"
},
{
"type": "WEB",
"url": "https://www.asus.com/supportonly/RT-AC88U/HelpDesk_download"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2F25-PFQ3-C7H8
Vulnerability from github – Published: 2026-05-08 23:06 – Updated: 2026-05-08 23:06Impact
Anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc)
Patches
https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
Workarounds
No.
References
https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f https://www.usenix.org/system/files/usenixsecurity25-shi-bing.pdf
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "phpseclib/phpseclib"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.34"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-49316"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-834"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T23:06:50Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nAnyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc)\n\n### Patches\nhttps://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f\n\n### Workarounds\nNo.\n\n### References\nhttps://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f\nhttps://www.usenix.org/system/files/usenixsecurity25-shi-bing.pdf",
"id": "GHSA-2f25-pfq3-c7h8",
"modified": "2026-05-08T23:06:50Z",
"published": "2026-05-08T23:06:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-2f25-pfq3-c7h8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49316"
},
{
"type": "WEB",
"url": "https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-49316.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/phpseclib/phpseclib"
},
{
"type": "WEB",
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Phpseclib needs guardrails on large binaryfield integers"
}
GHSA-2G4J-2XQP-4HQ5
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2025-04-20 03:44In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
{
"affected": [],
"aliases": [
"CVE-2017-14175"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-07T06:29:00Z",
"severity": "HIGH"
},
"details": "In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.",
"id": "GHSA-2g4j-2xqp-4hq5",
"modified": "2025-04-20T03:44:27Z",
"published": "2022-05-13T01:14:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14175"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/712"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2H3J-M7GR-25XJ
Vulnerability from github – Published: 2021-06-16 17:56 – Updated: 2021-10-21 17:32A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.pdfbox:pdfbox"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.23"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-27807"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-22T18:45:15Z",
"nvd_published_at": "2021-03-19T16:15:00Z",
"severity": "MODERATE"
},
"details": "A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.",
"id": "GHSA-2h3j-m7gr-25xj",
"modified": "2021-10-21T17:32:03Z",
"published": "2021-06-16T17:56:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27807"
},
{
"type": "WEB",
"url": "https://github.com/apache/pdfbox/commit/5c5a837140fbb4ef78bb5ef9f29ad537c872c83e"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1886911"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PT72QOFDXLJ7PLTN66EMG5EHPTE7TFZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KDA2U4KL2N3XT3PM4ZJEBBA6JJIH2G4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re1e35881482e07dc2be6058d9b44483457f36133cac67956686ad9b9@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc69140d894c6a9c67a8097a25656cce59b46a5620c354ceba10543c3@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/raa35746227f3f8d50fff1db9899524423a718f6f35cd39bd4769fa6c@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ffe179385637b0b5cbdabd0246118005b4b8232909d2d14cd68ccd3@%3Ccommits.ofbiz.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d3885c1e2db398bc55cfb@%3Cusers.pdfbox.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d3885c1e2db398bc55cfb%40%3Cusers.pdfbox.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7ee634c21816c69ce829d0c41f35afa2a53a99bdd3c7cce8644fdc0e@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5c8e2125d18af184c80f7a986fbe47eaf0d30457cd450133adc235ac@%3Ccommits.ofbiz.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8@%3Cdev.pdfbox.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4717f902f8bc36d47b3fa978552a25e4ed3ddc2fffb52b94fbc4ab36@%3Cusers.pdfbox.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e@%3Ccommits.ofbiz.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50@%3Cdev.pdfbox.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r043edc5dcf9199f7f882ed7906b41cb816753766e88b8792dbf319a9@%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/PDFBOX-4892"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/pdfbox"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/03/19/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Excessive Iteration Denial of Service in Apache PDFBox"
}
GHSA-2VWP-58HF-5Q8Q
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.
{
"affected": [],
"aliases": [
"CVE-2018-9133"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-30T08:29:00Z",
"severity": "MODERATE"
},
"details": "ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.",
"id": "GHSA-2vwp-58hf-5q8q",
"modified": "2022-05-13T01:23:17Z",
"published": "2022-05-13T01:23:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9133"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1072"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-32P9-664J-Q6J6
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
{
"affected": [],
"aliases": [
"CVE-2018-11813"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-06T03:29:00Z",
"severity": "HIGH"
},
"details": "libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.",
"id": "GHSA-32p9-664j-q6j6",
"modified": "2022-05-13T01:25:41Z",
"published": "2022-05-13T01:25:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11813"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2052"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/727908"
},
{
"type": "WEB",
"url": "https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf"
},
{
"type": "WEB",
"url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html"
},
{
"type": "WEB",
"url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-33HJ-R9X4-46JQ
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
{
"affected": [],
"aliases": [
"CVE-2017-9256"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-27T12:29:00Z",
"severity": "HIGH"
},
"details": "The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.",
"id": "GHSA-33hj-r9x4-46jq",
"modified": "2022-05-13T01:47:52Z",
"published": "2022-05-13T01:47:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9256"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Jun/32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3RWV-JRRG-99X3
Vulnerability from github – Published: 2024-02-09 06:32 – Updated: 2026-04-08 18:32The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.
{
"affected": [],
"aliases": [
"CVE-2024-0842"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-09T05:15:08Z",
"severity": "HIGH"
},
"details": "The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.",
"id": "GHSA-3rwv-jrrg-99x3",
"modified": "2026-04-08T18:32:35Z",
"published": "2024-02-09T06:32:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0842"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3036756%40backuply\u0026new=3036756%40backuply\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-47XC-86Q6-RH6J
Vulnerability from github – Published: 2024-11-13 18:32 – Updated: 2024-11-13 18:32In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.
{
"affected": [],
"aliases": [
"CVE-2024-8049"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T16:15:21Z",
"severity": "MODERATE"
},
"details": "In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.",
"id": "GHSA-47xc-86q6-rh6j",
"modified": "2024-11-13T18:32:04Z",
"published": "2024-11-13T18:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8049"
},
{
"type": "WEB",
"url": "https://docs.telerik.com/devtools/document-processing/knowledge-base/excessive-allocation-cve-2024-8049"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-496G-FR33-WHRF
Vulnerability from github – Published: 2024-01-31 23:11 – Updated: 2024-01-31 23:11HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/consul"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.7.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/consul"
},
"ranges": [
{
"events": [
{
"introduced": "1.8.0"
},
{
"fixed": "1.8.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-25201"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-834"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-31T23:11:24Z",
"nvd_published_at": "2020-11-04T23:15:11Z",
"severity": "HIGH"
},
"details": "HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.",
"id": "GHSA-496g-fr33-whrf",
"modified": "2024-01-31T23:11:24Z",
"published": "2024-01-31T23:11:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25201"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/pull/9024"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/releases/tag/v1.8.5"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-09"
},
{
"type": "WEB",
"url": "https://www.hashicorp.com/blog/category/consul"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of service in HashiCorp Consul"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.