Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

CVE-2026-4111 (GCVE-0-2026-4111)

Vulnerability from cvelistv5 – Published: 2026-03-13 11:45 – Updated: 2026-07-15 01:00
VLAI
Title
Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive
Summary
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2026:10065 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10081 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10097 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:16008 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:16009 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:16174 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17596 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5063 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5080 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6647 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7093 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7105 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7106 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7239 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7329 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7335 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8423 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8746 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8747 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8748 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8865 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8944 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9832 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-4111 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2446453 issue-trackingx_refsource_REDHAT
https://github.com/libarchive/libarchive/pull/2877
https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.7.7-5.el10_1 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 0:3.7.7-5.el10_0 , < * (rpm)
    cpe:/o:redhat:enterprise_linux_eus:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.5.3-7.el9_7 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:3.5.3-2.el9_0.3 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0::appstream
    cpe:/o:redhat:rhel_e4s:9.0::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:3.5.3-5.el9_2.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2::appstream
    cpe:/o:redhat:rhel_e4s:9.2::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:3.5.3-4.el9_4.2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.4::appstream
    cpe:/a:redhat:rhel_eus:9.4::crb
    cpe:/o:redhat:rhel_eus:9.4::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 0:3.5.3-6.el9_6.1 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6::appstream
    cpe:/o:redhat:rhel_eus:9.6::baseos
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202604080111-0 , < * (rpm)
    cpe:/a:redhat:openshift:4.13::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202605060243-0 , < * (rpm)
    cpe:/a:redhat:openshift:4.14::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202605060220-0 , < * (rpm)
    cpe:/a:redhat:openshift:4.15::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 416.94.202604211449-0 , < * (rpm)
    cpe:/a:redhat:openshift:4.16::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202605112123-0 , < * (rpm)
    cpe:/a:redhat:openshift:4.17::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: 418.94.202604140044-0 , < * (rpm)
    cpe:/a:redhat:openshift:4.18::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.19 Unaffected: 4.19.9.6.202604211219-0 , < * (rpm)
    cpe:/a:redhat:openshift:4.19::el9
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.2 Unaffected: 1780681984 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.2::el9
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.2 Unaffected: 1775740563 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.2::el9
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778244559 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.3::el9
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778244531 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.3::el9
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778244546 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.3::el9
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1775680192 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.3::el9
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1775680262 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.3::el9
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1775749857 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.3::el9
Create a notification for this product.
Red Hat Red Hat Discovery 2 Unaffected: 1775668717 , < * (rpm)
    cpe:/a:redhat:discovery:2::el9
Create a notification for this product.
Red Hat Red Hat Discovery 2 Unaffected: 1775675922 , < * (rpm)
    cpe:/a:redhat:discovery:2::el9
Create a notification for this product.
Red Hat Red Hat Hardened Images Unaffected: 3.8.7-1.hum1 , < * (rpm)
    cpe:/a:redhat:hummingbird:1
Create a notification for this product.
Red Hat Red Hat Insights proxy 1.5 Unaffected: 1776868961 , < * (rpm)
    cpe:/a:redhat:insights_proxy:1.5::el9
Create a notification for this product.
Red Hat Red Hat Update Infrastructure 5 Unaffected: 1776868774 , < * (rpm)
    cpe:/a:redhat:rhui:5::el9
Create a notification for this product.
Red Hat Red Hat Update Infrastructure 5 Unaffected: 1776868744 , < * (rpm)
    cpe:/a:redhat:rhui:5::el9
Create a notification for this product.
Red Hat Red Hat Update Infrastructure 5 Unaffected: 1776868772 , < * (rpm)
    cpe:/a:redhat:rhui:5::el9
Create a notification for this product.
Red Hat Red Hat Update Infrastructure 5 Unaffected: 1776868842 , < * (rpm)
    cpe:/a:redhat:rhui:5::el9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.5.3-7.el9_7 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9
    cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:3.5.3-2.el9_0.3 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:3.5.3-5.el9_2.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:3.5.3-4.el9_4.2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 0:3.5.3-6.el9_6.1 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1775749857 , < * (rpm)
Unaffected: 1778244559 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.3::el9
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1775680262 , < * (rpm)
Unaffected: 1778244531 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.3::el9
Create a notification for this product.
Date Public
2026-03-11 00:00
Credits
Red Hat would like to thank Elhanan Haenel for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-13T13:36:13.170394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-13T13:36:18.676Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1"
            ],
            "defaultStatus": "affected",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.7.7-5.el10_1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.7.7-5.el10_0",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9",
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.5.3-7.el9_7",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0"
            ],
            "defaultStatus": "affected",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.5.3-2.el9_0.3",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2"
            ],
            "defaultStatus": "affected",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.5.3-5.el9_2.1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4"
            ],
            "defaultStatus": "affected",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.5.3-4.el9_4.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6"
            ],
            "defaultStatus": "affected",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.5.3-6.el9_6.1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4.13::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcos",
            "product": "Red Hat OpenShift Container Platform 4.13",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "413.92.202604080111-0",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4.14::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcos",
            "product": "Red Hat OpenShift Container Platform 4.14",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "414.92.202605060243-0",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4.15::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcos",
            "product": "Red Hat OpenShift Container Platform 4.15",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "415.92.202605060220-0",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4.16::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcos",
            "product": "Red Hat OpenShift Container Platform 4.16",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "416.94.202604211449-0",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4.17::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcos",
            "product": "Red Hat OpenShift Container Platform 4.17",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "417.94.202605112123-0",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4.18::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcos",
            "product": "Red Hat OpenShift Container Platform 4.18",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "418.94.202604140044-0",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4.19::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcos",
            "product": "Red Hat OpenShift Container Platform 4.19",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "4.19.9.6.202604211219-0",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3.2::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhaiis/model-opt-cuda-rhel9",
            "product": "Red Hat AI Inference Server 3.2",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1780681984",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3.2::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhaiis/vllm-cuda-rhel9",
            "product": "Red Hat AI Inference Server 3.2",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1775740563",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3.3::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhaiis/model-opt-cuda-rhel9",
            "product": "Red Hat AI Inference Server 3.3",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1775749857",
                "versionType": "rpm"
              },
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1778244559",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3.3::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhaiis/vllm-rocm-rhel9",
            "product": "Red Hat AI Inference Server 3.3",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1775680262",
                "versionType": "rpm"
              },
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1778244531",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3.3::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhaiis/vllm-spyre-rhel9",
            "product": "Red Hat AI Inference Server 3.3",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1778244546",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3.3::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhaiis/vllm-cuda-rhel9",
            "product": "Red Hat AI Inference Server 3.3",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1775680192",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:discovery:2::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "discovery/discovery-server-rhel9",
            "product": "Red Hat Discovery 2",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1775668717",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:discovery:2::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "discovery/discovery-ui-rhel9",
            "product": "Red Hat Discovery 2",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1775675922",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:hummingbird:1"
            ],
            "defaultStatus": "affected",
            "packageName": "libarchive-main",
            "product": "Red Hat Hardened Images",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "3.8.7-1.hum1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:insights_proxy:1.5::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "insights-proxy/insights-proxy-container-rhel9",
            "product": "Red Hat Insights proxy 1.5",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1776868961",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:rhui:5::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhui5/cds-rhel9",
            "product": "Red Hat Update Infrastructure 5",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1776868774",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:rhui:5::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhui5/haproxy-rhel9",
            "product": "Red Hat Update Infrastructure 5",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1776868744",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:rhui:5::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhui5/installer-rhel9",
            "product": "Red Hat Update Infrastructure 5",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1776868772",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:rhui:5::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhui5/rhua-rhel9",
            "product": "Red Hat Update Infrastructure 5",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1776868842",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "unknown",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "unaffected",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "unaffected",
            "packageName": "libarchive",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-03-11T00:00:00.000Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-835",
                "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T01:00:01.097Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-4111"
          },
          {
            "name": "RHBZ#2446453",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7239"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15087"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:14773"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10097"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17596"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8423"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10081"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8865"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5063"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7093"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6647"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7106"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7105"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5080"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25096"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7335"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:16008"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8748"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8746"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8747"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:16009"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:16174"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7329"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8944"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9832"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10065"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:7239: Red Hat OpenShift Container Platform 4.13"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10097: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17596: Red Hat OpenShift Container Platform 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8423: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10081: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8865: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5063: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7093: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6647: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7106: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7105: Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5080: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7335: Red Hat AI Inference Server 3.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:16008: Red Hat AI Inference Server 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8748: Red Hat AI Inference Server 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8746: Red Hat AI Inference Server 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8747: Red Hat AI Inference Server 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:16009: Red Hat AI Inference Server 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:16174: Red Hat AI Inference Server 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7329: Red Hat Discovery 2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8944: Red Hat Hardened Images"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9832: Red Hat Insights proxy 1.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10065: Red Hat Update Infrastructure 5"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-03-11T11:18:51.609Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-03-11T00:00:00.000Z",
            "value": "Made public."
          }
        ],
        "title": "libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.7-5.el10_1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.7-5.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-7.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-7.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-2.el9_0.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-5.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/a:redhat:rhel_eus:9.4::crb",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-4.el9_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream",
            "cpe:/o:redhat:rhel_eus:9.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-6.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "413.92.202604080111-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "414.92.202605060243-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "415.92.202605060220-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "416.94.202604211449-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "417.94.202605112123-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "418.94.202604140044-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.19.9.6.202604211219-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/model-opt-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1780681984",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1775740563",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/model-opt-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778244559",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-rocm-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778244531",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-spyre-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778244546",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1775680192",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-rocm-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1775680262",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/model-opt-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1775749857",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1775668717",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1775675922",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3.8.7-1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1776868961",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/cds-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1776868774",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/haproxy-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1776868744",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/installer-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1776868772",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/rhua-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1776868842",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Elhanan Haenel for reporting this issue."
        }
      ],
      "datePublic": "2026-03-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:33:56.419Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:10065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:10065"
        },
        {
          "name": "RHSA-2026:10081",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:10081"
        },
        {
          "name": "RHSA-2026:10097",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:10097"
        },
        {
          "name": "RHSA-2026:14773",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14773"
        },
        {
          "name": "RHSA-2026:15087",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:15087"
        },
        {
          "name": "RHSA-2026:16008",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:16008"
        },
        {
          "name": "RHSA-2026:16009",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:16009"
        },
        {
          "name": "RHSA-2026:16174",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:16174"
        },
        {
          "name": "RHSA-2026:17596",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:17596"
        },
        {
          "name": "RHSA-2026:25096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:25096"
        },
        {
          "name": "RHSA-2026:5063",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5063"
        },
        {
          "name": "RHSA-2026:5080",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5080"
        },
        {
          "name": "RHSA-2026:6647",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:6647"
        },
        {
          "name": "RHSA-2026:7093",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7093"
        },
        {
          "name": "RHSA-2026:7105",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7105"
        },
        {
          "name": "RHSA-2026:7106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7106"
        },
        {
          "name": "RHSA-2026:7239",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7239"
        },
        {
          "name": "RHSA-2026:7329",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7329"
        },
        {
          "name": "RHSA-2026:7335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7335"
        },
        {
          "name": "RHSA-2026:8423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8423"
        },
        {
          "name": "RHSA-2026:8746",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8746"
        },
        {
          "name": "RHSA-2026:8747",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8747"
        },
        {
          "name": "RHSA-2026:8748",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8748"
        },
        {
          "name": "RHSA-2026:8865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8865"
        },
        {
          "name": "RHSA-2026:8944",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:8944"
        },
        {
          "name": "RHSA-2026:9832",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:9832"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4111"
        },
        {
          "name": "RHBZ#2446453",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2877"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-11T11:18:51.609Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-11T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4111",
    "datePublished": "2026-03-13T11:45:20.653Z",
    "dateReserved": "2026-03-13T11:33:42.645Z",
    "dateUpdated": "2026-07-15T01:00:01.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0960 (GCVE-0-2026-0960)

Vulnerability from cvelistv5 – Published: 2026-01-14 20:23 – Updated: 2026-03-27 13:56
VLAI
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
Vendor Product Version
Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.3 (semver)
Create a notification for this product.
Credits
Tom Needham
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0960",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T21:15:29.789821Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T21:15:57.975Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.3",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tom Needham"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T13:56:59.148Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-04.html"
        },
        {
          "name": "GitLab Issue #20944",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/20944"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.3 or above"
        }
      ],
      "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-0960",
    "datePublished": "2026-01-14T20:23:33.849Z",
    "dateReserved": "2026-01-14T20:14:02.922Z",
    "dateUpdated": "2026-03-27T13:56:59.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0619 (GCVE-0-2026-0619)

Vulnerability from cvelistv5 – Published: 2026-02-12 20:09 – Updated: 2026-02-12 20:43
VLAI
Title
Integer Wraparound DoS in Silicon Labs Matter Implementation
Summary
A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
URL Tags
https://community.silabs.com/068Vm00000gUB2g vendor-advisorypermissions-required
Impacted products
Vendor Product Version
silabs.com Silicon Labs Matter Affected: 2.7.0 , < 2.8.0 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T20:43:39.885555Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T20:43:50.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Silicon Labs Matter",
          "repo": "https://github.com/SiliconLabs/matter",
          "vendor": "silabs.com",
          "versions": [
            {
              "lessThan": "2.8.0",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A reachable infinite loop via an integer wraparound is present in Silicon Labs\u0027 Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.\u0026nbsp;"
            }
          ],
          "value": "A reachable infinite loop via an integer wraparound is present in Silicon Labs\u0027 Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-128",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-128 Integer Attacks"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T20:09:28.533Z",
        "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "shortName": "Silabs"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "permissions-required"
          ],
          "url": "https://community.silabs.com/068Vm00000gUB2g"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Integer Wraparound DoS in Silicon Labs Matter Implementation",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
    "assignerShortName": "Silabs",
    "cveId": "CVE-2026-0619",
    "datePublished": "2026-02-12T20:09:28.533Z",
    "dateReserved": "2026-01-05T19:06:00.585Z",
    "dateUpdated": "2026-02-12T20:43:50.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-71330 (GCVE-0-2025-71330)

Vulnerability from cvelistv5 – Published: 2026-06-10 13:02 – Updated: 2026-07-14 22:26 X_Open Source Unsupported When Assigned
VLAI
Title
image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing
Summary
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
Impacted products
Vendor Product Version
image-size image-size Affected: 1.1.0 , ≤ 1.2.1 (semver)
Affected: 2.0.0 , ≤ 2.0.2 (semver)
Create a notification for this product.
Date Public
2025-10-09 00:00
Credits
Preston Price (@prestonprice57)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-71330",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T14:04:41.971699Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T14:05:08.872Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/image-size",
          "product": "image-size",
          "repo": "https://github.com/image-size/image-size",
          "vendor": "image-size",
          "versions": [
            {
              "lessThanOrEqual": "1.2.1",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.2",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:image-size:image-size:*:*:*:*:*:node.js:*:*",
                  "versionEndIncluding": "1.2.1",
                  "versionStartIncluding": "1.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:image-size:image-size:*:*:*:*:*:node.js:*:*",
                  "versionEndIncluding": "2.0.2",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Preston Price (@prestonprice57)"
        }
      ],
      "datePublic": "2025-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T22:26:08.772Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-malformed-icns-image-parsing"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source",
        "unsupported-when-assigned"
      ],
      "title": "image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-71330",
    "datePublished": "2026-06-10T13:02:04.764Z",
    "dateReserved": "2026-06-10T12:57:20.193Z",
    "dateUpdated": "2026-07-14T22:26:08.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-71329 (GCVE-0-2025-71329)

Vulnerability from cvelistv5 – Published: 2026-06-10 13:04 – Updated: 2026-07-14 22:26 X_Open Source Unsupported When Assigned
VLAI
Title
image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser
Summary
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
Impacted products
Vendor Product Version
image-size image-size Affected: 1.1.0 , ≤ 1.2.1 (semver)
Affected: 2.0.0 , ≤ 2.0.2 (semver)
Create a notification for this product.
Date Public
2025-04-18 00:00
Credits
Joshua Rogers (@MegaManSec)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-71329",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T14:45:56.403206Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T14:46:07.985Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/image-size",
          "product": "image-size",
          "repo": "https://github.com/image-size/image-size",
          "vendor": "image-size",
          "versions": [
            {
              "lessThanOrEqual": "1.2.1",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.2",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:image-size:image-size:*:*:*:*:*:node.js:*:*",
                  "versionEndIncluding": "1.2.1",
                  "versionStartIncluding": "1.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:image-size:image-size:*:*:*:*:*:node.js:*:*",
                  "versionEndIncluding": "2.0.2",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joshua Rogers (@MegaManSec)"
        }
      ],
      "datePublic": "2025-04-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eimage-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.\u003c/p\u003e"
            }
          ],
          "value": "image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T22:26:08.074Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source",
        "unsupported-when-assigned"
      ],
      "title": "image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-71329",
    "datePublished": "2026-06-10T13:04:30.380Z",
    "dateReserved": "2026-06-10T12:57:20.193Z",
    "dateUpdated": "2026-07-14T22:26:08.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-71319 (GCVE-0-2025-71319)

Vulnerability from cvelistv5 – Published: 2026-06-09 19:57 – Updated: 2026-07-15 01:24 X_Open Source Unsupported When Assigned
VLAI
Title
image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser
Summary
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
Impacted products
Vendor Product Version
image-size image-size Affected: 1.1.0 , ≤ 1.2.1 (semver)
Affected: 2.0.0 , ≤ 2.0.2 (semver)
Create a notification for this product.
Red Hat Red Hat Discovery 2 Unaffected: 1782756541 , < * (rpm)
    cpe:/a:redhat:discovery:2::el9
Create a notification for this product.
Red Hat Red Hat Trusted Artifact Signer 1.4 Unaffected: 1783327185 , < * (rpm)
    cpe:/a:redhat:trusted_artifact_signer:1.4::el9
Create a notification for this product.
Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
Create a notification for this product.
Red Hat Red Hat Build of Podman Desktop     cpe:/a:redhat:podman_desktop:1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
Create a notification for this product.
Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
Create a notification for this product.
Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
Create a notification for this product.
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Create a notification for this product.
Date Public
2025-04-18 00:00
Credits
Joshua Rogers (@MegaManSec)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-71319",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T15:28:34.029349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T16:32:56.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:discovery:2::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "discovery/discovery-ui-rhel9",
            "product": "Red Hat Discovery 2",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782756541",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhtas/rekor-search-ui-rhel9",
            "product": "Red Hat Trusted Artifact Signer 1.4",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783327185",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:gatekeeper:3"
            ],
            "defaultStatus": "affected",
            "packageName": "gatekeeper/gatekeeper-rhel9",
            "product": "Gatekeeper 3",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:podman_desktop:1"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rh-podman-desktop.git",
            "product": "Red Hat Build of Podman Desktop",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "packageName": "subscription-manager",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "unaffected",
            "packageName": "grafana",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "packageName": "grafana-pcp",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "packageName": "subscription-manager",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:jboss_fuse:7"
            ],
            "defaultStatus": "unaffected",
            "packageName": "image-size",
            "product": "Red Hat Fuse 7",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:7"
            ],
            "defaultStatus": "unaffected",
            "packageName": "image-size",
            "product": "Red Hat JBoss Enterprise Application Platform 7",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8"
            ],
            "defaultStatus": "unaffected",
            "packageName": "image-size",
            "product": "Red Hat JBoss Enterprise Application Platform 8",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:jbosseapxp"
            ],
            "defaultStatus": "unaffected",
            "packageName": "image-size",
            "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3"
            ],
            "defaultStatus": "unaffected",
            "packageName": "devspaces/code-rhel9",
            "product": "Red Hat OpenShift Dev Spaces",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:satellite:6"
            ],
            "defaultStatus": "unaffected",
            "packageName": "satellite/iop-vulnerability-frontend-rhel9",
            "product": "Red Hat Satellite 6",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-06-09T19:57:16.125Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-835",
                "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T01:24:31.206Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2025-71319"
          },
          {
            "name": "RHBZ#2487296",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487296"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-71319.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33313"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:37272"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:33313: Red Hat Discovery 2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:37272: Red Hat Trusted Artifact Signer 1.4"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-09T21:01:11.339Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-06-09T19:57:16.125Z",
            "value": "Made public."
          }
        ],
        "title": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/image-size",
          "product": "image-size",
          "repo": "https://github.com/image-size/image-size",
          "vendor": "image-size",
          "versions": [
            {
              "lessThanOrEqual": "1.2.1",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.2",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:image-size:image-size:*:*:*:*:*:node.js:*:*",
                  "versionEndIncluding": "1.2.1",
                  "versionStartIncluding": "1.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:image-size:image-size:*:*:*:*:*:node.js:*:*",
                  "versionEndIncluding": "2.0.2",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joshua Rogers (@MegaManSec)"
        }
      ],
      "datePublic": "2025-04-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T22:26:06.695Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source",
        "unsupported-when-assigned"
      ],
      "title": "image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-71319",
    "datePublished": "2026-06-09T19:57:16.125Z",
    "dateReserved": "2026-06-08T20:44:31.209Z",
    "dateUpdated": "2026-07-15T01:24:31.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69227 (GCVE-0-2025-69227)

Vulnerability from cvelistv5 – Published: 2026-01-05 23:19 – Updated: 2026-01-06 19:02
VLAI
Title
AIOHTTP vulnerable to DoS when bypassing asserts
Summary
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the application includes a handler that uses the Request.post() method, then an attacker may be able to execute a DoS attack with a specially crafted message. This issue is fixed in version 3.13.3.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
Vendor Product Version
aio-libs aiohttp Affected: < 3.13.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69227",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T14:25:12.409319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T19:02:48.192Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aiohttp",
          "vendor": "aio-libs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.13.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the application includes a handler that uses the Request.post() method, then an attacker may be able to execute a DoS attack with a specially crafted message. This issue is fixed in version 3.13.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T23:19:31.396Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23"
        },
        {
          "name": "https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259"
        }
      ],
      "source": {
        "advisory": "GHSA-jj3x-wxrx-4x23",
        "discovery": "UNKNOWN"
      },
      "title": "AIOHTTP vulnerable to DoS when bypassing asserts"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-69227",
    "datePublished": "2026-01-05T23:19:31.396Z",
    "dateReserved": "2025-12-29T20:53:19.433Z",
    "dateUpdated": "2026-01-06T19:02:48.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68137 (GCVE-0-2025-68137)

Vulnerability from cvelistv5 – Published: 2026-01-21 19:20 – Updated: 2026-01-21 19:51
VLAI
Title
EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop
Summary
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as `SIZE_MAX` (or slightly less) because the expected type of the argument is `size_t`. Depending on whether the server is plain TCP or TLS, this leads to either an infinite loop or a stack buffer overflow. Version 2025.10.0 fixes the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
Vendor Product Version
EVerest everest-core Affected: < 2025.10.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68137",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T19:51:05.581714Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T19:51:26.058Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "everest-core",
          "vendor": "EVerest",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2025.10.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as `SIZE_MAX` (or slightly less) because the expected type of the argument is `size_t`. Depending on whether the server is plain TCP or TLS, this leads to either an infinite loop or a stack buffer overflow. Version 2025.10.0 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T19:20:09.059Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/EVerest/everest-core/security/advisories/GHSA-7qq4-q9r8-wc7w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/EVerest/everest-core/security/advisories/GHSA-7qq4-q9r8-wc7w"
        }
      ],
      "source": {
        "advisory": "GHSA-7qq4-q9r8-wc7w",
        "discovery": "UNKNOWN"
      },
      "title": "EVerest\u0027s Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68137",
    "datePublished": "2026-01-21T19:20:09.059Z",
    "dateReserved": "2025-12-15T18:09:12.694Z",
    "dateUpdated": "2026-01-21T19:51:26.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66252 (GCVE-0-2025-66252)

Vulnerability from cvelistv5 – Published: 2025-11-26 00:34 – Updated: 2025-12-01 21:11
VLAI
Title
Infinite Loop Denial of Service via Failed File Deletion
Summary
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-835 - Infinite Loop Denial of Service via Failed File Deletion
Assigner
References
URL Tags
https://www.abdulmhsblog.com/posts/webfmvulns/ exploittechnical-description
Impacted products
Vendor Product Version
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter Affected: 30
Affected: 50
Affected: 100
Affected: 300
Affected: 500
Affected: 1000
Affected: 2000
Affected: 3000
Affected: 3500
Affected: 6000
Affected: 7000
Create a notification for this product.
Credits
Abdul Mhanni
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66252",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T21:11:24.334944Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-01T21:11:46.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.abdulmhsblog.com/posts/webfmvulns/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mozart FM Transmitter",
          "vendor": "DB Electronica Telecomunicazioni S.p.A.",
          "versions": [
            {
              "status": "affected",
              "version": "30"
            },
            {
              "status": "affected",
              "version": "50"
            },
            {
              "status": "affected",
              "version": "100"
            },
            {
              "status": "affected",
              "version": "300"
            },
            {
              "status": "affected",
              "version": "500"
            },
            {
              "status": "affected",
              "version": "1000"
            },
            {
              "status": "affected",
              "version": "2000"
            },
            {
              "status": "affected",
              "version": "3000"
            },
            {
              "status": "affected",
              "version": "3500"
            },
            {
              "status": "affected",
              "version": "6000"
            },
            {
              "status": "affected",
              "version": "7000"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Abdul Mhanni"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInfinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop.\u003c/p\u003e"
            }
          ],
          "value": "Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835 Infinite Loop Denial of Service via Failed File Deletion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-26T00:34:11.994Z",
        "orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
        "shortName": "Gridware"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "technical-description"
          ],
          "url": "https://www.abdulmhsblog.com/posts/webfmvulns/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Infinite Loop Denial of Service via Failed File Deletion",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
    "assignerShortName": "Gridware",
    "cveId": "CVE-2025-66252",
    "datePublished": "2025-11-26T00:34:11.994Z",
    "dateReserved": "2025-11-26T00:21:33.790Z",
    "dateUpdated": "2025-12-01T21:11:46.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64438 (GCVE-0-2025-64438)

Vulnerability from cvelistv5 – Published: 2026-02-03 19:32 – Updated: 2026-02-03 20:30
VLAI
Title
Fast-DDS: Unbounded GAP range triggers OOM DoS under RELIABLE QoS
Summary
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (`gapList .base - gapStart`), an attacker drives `StatefulReader::processGapMsg()` into an unbounded loop that inserts millions of s equence numbers into `WriterProxy::changes_received_` (`std::set`), causing multi-GB heap growth and process termination. No authentication is required beyond network reachability to the reader on the DDS domain. In environments without an RSS limit (non-ASan / unlimited), memory consumption was observed to rise to ~64 GB. Versions 3.4.1, 3.3.1, and 2.6.11 patch t he issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
Impacted products
Vendor Product Version
eProsima Fast-DDS Affected: 3.4.0 , < 3.4.1 (custom)
Affected: 3.0.0 , < 3.3.1 (custom)
Affected: 0 , < 2.6.11 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64438",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-03T20:30:43.758529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-03T20:30:50.310Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Fast-DDS",
          "repo": "https://github.com/eProsima/Fast-DDS",
          "vendor": "eProsima",
          "versions": [
            {
              "lessThan": "3.4.1",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.3.1",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.6.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Gr\noup). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a\u0026nbsp;remotely triggerable Out-of-Memory (OOM) denial-of-service exists\n in Fast-DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (\n`gapList.base - gapStart`), an attacker drives `StatefulReader::processGapMsg()` into an unbounded loop that inserts milli\nons of sequence numbers into `WriterProxy::changes_received_` (`std::set`), causing multi-GB heap growth and process termi\nnation. No authentication is required beyond network reachability to the reader on the DDS domain. In environments without\n an RSS limit (non-ASan / unlimited), memory consumption was observed to rise to ~64 GB. Versions 3.4.1, 3.3.1, and 2.6.11\n patch the issue."
            }
          ],
          "value": "Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group\n). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast\n-DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (`gapList\n.base - gapStart`), an attacker drives `StatefulReader::processGapMsg()` into an unbounded loop that inserts millions of s\nequence numbers into `WriterProxy::changes_received_` (`std::set`), causing multi-GB heap growth and process termination. \nNo authentication is required beyond network reachability to the reader on the DDS domain. In environments without an RSS \nlimit (non-ASan / unlimited), memory consumption was observed to rise to ~64 GB. Versions 3.4.1, 3.3.1, and 2.6.11 patch t\nhe issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 1.7,
            "baseSeverity": "LOW",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-03T19:32:22.265Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2025-64438"
        },
        {
          "url": "https://github.com/eProsima/Fast-DDS/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7"
        },
        {
          "url": "https://github.com/eProsima/Fast-DDS/commit/71da01b4aea4d937558984f2cf0089f5ba3c871f"
        },
        {
          "url": "https://github.com/eProsima/Fast-DDS/commit/8ca016134dac20b6e30e42b7b73466ef7cdbc213"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Fast-DDS: Unbounded GAP range triggers OOM DoS under RELIABLE QoS",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-64438",
    "datePublished": "2026-02-03T19:32:22.265Z",
    "dateReserved": "2025-11-03T22:12:51.366Z",
    "dateUpdated": "2026-02-03T20:30:50.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.