Common Weakness Enumeration
CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
CVE-2024-2397 (GCVE-0-2024-2397)
Vulnerability from cvelistv5 – Published: 2024-04-12 13:22 – Updated: 2025-02-13 17:40
VLAI
EPSS
VEX
Title
infinite loop in the PPP printer of tcpdump
Summary
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Tcpdump Group | tcpdump |
Affected:
0d4083e , < b9811ef
(git)
|
Date Public
2024-04-12 11:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T17:39:23.683099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:39:31.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-03T13:34:59.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.freebsd.org/archives/freebsd-security/2024-September/000298.html"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GEZRGR3QCW2ZNFIAWMZZOG4ZLFLFNG2M/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"PPP printer"
],
"product": "tcpdump",
"vendor": "The Tcpdump Group",
"versions": [
{
"lessThan": "b9811ef",
"status": "affected",
"version": "0d4083e",
"versionType": "git"
}
]
}
],
"datePublic": "2024-04-12T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21."
}
],
"exploits": [
{
"lang": "en",
"value": "A functional exploit exists."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:09:07.141Z",
"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
"shortName": "Tcpdump"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GEZRGR3QCW2ZNFIAWMZZOG4ZLFLFNG2M/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "infinite loop in the PPP printer of tcpdump"
}
},
"cveMetadata": {
"assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
"assignerShortName": "Tcpdump",
"cveId": "CVE-2024-2397",
"datePublished": "2024-04-12T13:22:01.636Z",
"dateReserved": "2024-03-12T10:29:32.095Z",
"dateUpdated": "2025-02-13T17:40:07.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1931 (GCVE-0-2024-1931)
Vulnerability from cvelistv5 – Published: 2024-03-07 09:17 – Updated: 2025-02-13 17:32
VLAI
EPSS
VEX
Title
Denial of service when trimming EDE text on positive replies
Summary
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | Unbound |
Affected:
1.18.0 , < 1.19.2
(semver)
|
|
| nlnetlabs | unbound |
Affected:
1.18.0 , < 1.19.2
(custom)
cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:* |
Date Public
2024-03-07 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCBRQ7KMSIGBQ6A4SBL5PF326DIJIIV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2JUIFPA7H75Q2W3VXW2TUNHK6NVGOX4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBR4H7RCVMJ6H76S4LLRSY5EBFTYWGXK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.freebsd.org/archives/freebsd-security/2024-July/000283.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240705-0006/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unbound",
"vendor": "nlnetlabs",
"versions": [
{
"lessThan": "1.19.2",
"status": "affected",
"version": "1.18.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T18:41:49.748390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T20:43:00.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Unbound",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "1.19.2",
"status": "affected",
"version": "1.18.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fredrik Pettai, SUNET"
},
{
"lang": "en",
"type": "finder",
"value": "Patrik Lundin, SUNET"
}
],
"datePublic": "2024-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client\u0027s advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client\u0027s buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the \u0027ede: yes\u0027 option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "\u0027ede: yes\u0027 option set"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T16:05:59.717Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCBRQ7KMSIGBQ6A4SBL5PF326DIJIIV/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2JUIFPA7H75Q2W3VXW2TUNHK6NVGOX4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBR4H7RCVMJ6H76S4LLRSY5EBFTYWGXK/"
},
{
"url": "https://lists.freebsd.org/archives/freebsd-security/2024-July/000283.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240705-0006/"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in 1.19.2 and all later versions. For the vulnerable versions 1.18.0 up to and including 1.19.1, the option \u0027ede: no\u0027 (default configuration) is also a solution as it does not exercise the vulnerable code path."
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-17T00:00:00.000Z",
"value": "Issue reported by SUNET"
},
{
"lang": "en",
"time": "2024-02-19T00:00:00.000Z",
"value": "Issue acknowledged by NLnet Labs"
},
{
"lang": "en",
"time": "2021-09-22T00:00:00.000Z",
"value": "Mitigation shared with SUNET"
},
{
"lang": "en",
"time": "2024-03-07T00:00:00.000Z",
"value": "Fixes released with Unbound 1.19.2"
}
],
"title": "Denial of service when trimming EDE text on positive replies"
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2024-1931",
"datePublished": "2024-03-07T09:17:13.072Z",
"dateReserved": "2024-02-27T13:43:18.777Z",
"dateUpdated": "2025-02-13T17:32:27.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0211 (GCVE-0-2024-0211)
Vulnerability from cvelistv5 – Published: 2024-01-03 07:31 – Updated: 2026-03-27 13:56
VLAI
EPSS
VEX
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.2.0 , < 4.2.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:50:53.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html"
},
{
"name": "GitLab Issue #19557",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19557"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0211",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:36:29.773383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:44:08.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.2.1",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:56.882Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html"
},
{
"name": "GitLab Issue #19557",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19557"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 4.2.0 or above."
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-0211",
"datePublished": "2024-01-03T07:31:30.639Z",
"dateReserved": "2024-01-03T07:31:05.652Z",
"dateUpdated": "2026-03-27T13:56:56.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-50763 (GCVE-0-2023-50763)
Vulnerability from cvelistv5 – Published: 2024-06-11 11:15 – Updated: 2024-08-02 22:16
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of affected products, if configured to allow the import of PKCS12 containers, could end up in an infinite loop when processing incomplete certificate chains.
This could allow an authenticated remote attacker to create a denial of service condition by importing specially crafted PKCS12 containers.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC CP 1542SP-1 |
Affected:
0 , < V2.3
(custom)
|
|
| Siemens | SIMATIC CP 1542SP-1 IRC |
Affected:
0 , < V2.3
(custom)
|
|
| Siemens | SIMATIC CP 1543SP-1 |
Affected:
0 , < V2.3
(custom)
|
|
| Siemens | SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL |
Affected:
0 , < V2.3
(custom)
|
|
| Siemens | SIPLUS ET 200SP CP 1543SP-1 ISEC |
Affected:
0 , < V2.3
(custom)
|
|
| Siemens | SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL |
Affected:
0 , < V2.3
(custom)
|
|
| Siemens | SIPLUS TIM 1531 IRC |
Affected:
0 , < V2.4.8
(custom)
|
|
| Siemens | TIM 1531 IRC |
Affected:
0 , < V2.4.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:16:37.494371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:16:47.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:47.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543SP-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS TIM 1531 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIM 1531 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of affected products, if configured to allow the import of PKCS12 containers, could end up in an infinite loop when processing incomplete certificate chains.\r\n\r\nThis could allow an authenticated remote attacker to create a denial of service condition by importing specially crafted PKCS12 containers."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:04:34.906Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-50763",
"datePublished": "2024-06-11T11:15:18.921Z",
"dateReserved": "2023-12-13T11:47:39.148Z",
"dateUpdated": "2024-08-02T22:16:47.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46250 (GCVE-0-2023-46250)
Vulnerability from cvelistv5 – Published: 2023-10-31 15:23 – Updated: 2024-09-05 18:54
VLAI
EPSS
VEX
Title
pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
Summary
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/2264 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/9b23ac3c96… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/2264",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/py-pdf/pypdf/pull/2264"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:52:16.129180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:54:52.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T15:23:32.852Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/2264",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/2264"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d"
}
],
"source": {
"advisory": "GHSA-wjcc-cq79-p63f",
"discovery": "UNKNOWN"
},
"title": "pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46250",
"datePublished": "2023-10-31T15:23:32.852Z",
"dateReserved": "2023-10-19T20:34:00.948Z",
"dateUpdated": "2024-09-05T18:54:52.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45233 (GCVE-0-2023-45233)
Vulnerability from cvelistv5 – Published: 2024-01-16 16:13 – Updated: 2025-11-04 18:17
VLAI
EPSS
VEX
Title
Infinite loop in EDK II Network Package
Summary
EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Availability.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
7 references
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:17:37.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/132380"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45233",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-20T05:00:22.954532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:57:38.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "edk2",
"vendor": "TianoCore",
"versions": [
{
"status": "affected",
"version": "edk2-stable202308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Quarkslab Vulnerability Reports Team"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Doug Flick"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EDK2\u0027s Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability."
}
],
"value": "EDK2\u0027s Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T02:06:17.031Z",
"orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"shortName": "TianoCore"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Infinite loop in EDK II Network Package",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"assignerShortName": "TianoCore",
"cveId": "CVE-2023-45233",
"datePublished": "2024-01-16T16:13:50.113Z",
"dateReserved": "2023-10-05T20:48:19.878Z",
"dateUpdated": "2025-11-04T18:17:37.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-45232 (GCVE-0-2023-45232)
Vulnerability from cvelistv5 – Published: 2024-01-16 16:12 – Updated: 2025-11-04 18:17
VLAI
EPSS
VEX
Title
Infinite loop in EDK II Network Package
Summary
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Availability.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
7 references
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:17:36.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/132380"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:43:28.931722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:08:40.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "edk2",
"vendor": "TianoCore",
"versions": [
{
"status": "affected",
"version": "edk2-stable202308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Quarkslab Vulnerability Reports Team"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Doug Flick"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EDK2\u0027s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability."
}
],
"value": "EDK2\u0027s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T02:06:11.467Z",
"orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"shortName": "TianoCore"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Infinite loop in EDK II Network Package",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"assignerShortName": "TianoCore",
"cveId": "CVE-2023-45232",
"datePublished": "2024-01-16T16:12:32.584Z",
"dateReserved": "2023-10-05T20:48:19.878Z",
"dateUpdated": "2025-11-04T18:17:36.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-43645 (GCVE-0-2023-43645)
Vulnerability from cvelistv5 – Published: 2023-09-26 20:58 – Updated: 2024-09-23 20:20
VLAI
EPSS
VEX
Title
Denial of service from circular relationship definitions in OpenFGA
Summary
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Users are advised to upgrade to v1.3.2 and update any offending models. There are no known workarounds for this vulnerability. Note that for models which contained cycles or a relation definition that has the relation itself in its evaluation path, checks and queries that require evaluation will no longer be evaluated on v1.3.2+ and will return errors instead. Users who do not have cyclic models are unaffected.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openfga/openfga/security/advis… | x_refsource_CONFIRM |
| https://github.com/openfga/openfga/commit/7252960… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/openfga/openfga/security/advisories/GHSA-2hm9-h873-pgqh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-2hm9-h873-pgqh"
},
{
"name": "https://github.com/openfga/openfga/commit/725296025fd81227c89525808652c6acd4a605f6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openfga/openfga/commit/725296025fd81227c89525808652c6acd4a605f6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T20:20:03.702938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T20:20:10.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openfga",
"vendor": "openfga",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it\u0027s possible for the server to exhaust resources and die. Users are advised to upgrade to v1.3.2 and update any offending models. There are no known workarounds for this vulnerability. Note that for models which contained cycles or a relation definition that has the relation itself in its evaluation path, checks and queries that require evaluation will no longer be evaluated on v1.3.2+ and will return errors instead. Users who do not have cyclic models are unaffected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T20:58:17.826Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openfga/openfga/security/advisories/GHSA-2hm9-h873-pgqh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-2hm9-h873-pgqh"
},
{
"name": "https://github.com/openfga/openfga/commit/725296025fd81227c89525808652c6acd4a605f6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openfga/openfga/commit/725296025fd81227c89525808652c6acd4a605f6"
}
],
"source": {
"advisory": "GHSA-2hm9-h873-pgqh",
"discovery": "UNKNOWN"
},
"title": "Denial of service from circular relationship definitions in OpenFGA"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43645",
"datePublished": "2023-09-26T20:58:17.826Z",
"dateReserved": "2023-09-20T15:35:38.146Z",
"dateUpdated": "2024-09-23T20:20:10.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43511 (GCVE-0-2023-43511)
Vulnerability from cvelistv5 – Published: 2024-01-02 05:38 – Updated: 2025-06-16 19:53
VLAI
EPSS
VEX
Title
Loop with Unreachable Exit Condition (Infinite Loop) in WLAN Firmware
Summary
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
315 5G IoT Modem
Affected: 9206 LTE Modem Affected: APQ8017 Affected: APQ8064AU Affected: APQ8092 Affected: APQ8094 Affected: AQT1000 Affected: AR8031 Affected: AR8035 Affected: AR9380 Affected: CSR8811 Affected: CSRA6620 Affected: CSRA6640 Affected: CSRB31024 Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6800 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: Flight RB5 5G Platform Affected: Home Hub 100 Platform Affected: Immersive Home 214 Platform Affected: Immersive Home 216 Platform Affected: Immersive Home 316 Platform Affected: Immersive Home 318 Platform Affected: Immersive Home 3210 Platform Affected: Immersive Home 326 Platform Affected: IPQ4018 Affected: IPQ4028 Affected: IPQ4029 Affected: IPQ5010 Affected: IPQ5028 Affected: IPQ5332 Affected: IPQ6000 Affected: IPQ6010 Affected: IPQ6018 Affected: IPQ6028 Affected: IPQ8064 Affected: IPQ8065 Affected: IPQ8068 Affected: IPQ8069 Affected: IPQ8070 Affected: IPQ8070A Affected: IPQ8071A Affected: IPQ8072A Affected: IPQ8074 Affected: IPQ8074A Affected: IPQ8076 Affected: IPQ8076A Affected: IPQ8078 Affected: IPQ8078A Affected: IPQ8173 Affected: IPQ8174 Affected: IPQ9008 Affected: IPQ9554 Affected: IPQ9570 Affected: IPQ9574 Affected: MDM9250 Affected: MDM9628 Affected: MDM9640 Affected: MDM9645 Affected: MDM9650 Affected: MSM8996AU Affected: PMP8074 Affected: QAM8255P Affected: QAM8295P Affected: QAM8650P Affected: QAM8775P Affected: QCA0000 Affected: QCA1023 Affected: QCA1062 Affected: QCA1064 Affected: QCA1990 Affected: QCA2062 Affected: QCA2064 Affected: QCA2065 Affected: QCA2066 Affected: QCA4024 Affected: QCA4531 Affected: QCA6174 Affected: QCA6174A Affected: QCA6175A Affected: QCA6310 Affected: QCA6320 Affected: QCA6335 Affected: QCA6391 Affected: QCA6420 Affected: QCA6421 Affected: QCA6426 Affected: QCA6428 Affected: QCA6430 Affected: QCA6431 Affected: QCA6436 Affected: QCA6438 Affected: QCA6554A Affected: QCA6564 Affected: QCA6564A Affected: QCA6564AU Affected: QCA6574 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6584 Affected: QCA6584AU Affected: QCA6595 Affected: QCA6595AU Affected: QCA6678AQ Affected: QCA6696 Affected: QCA6698AQ Affected: QCA6797AQ Affected: QCA8072 Affected: QCA8075 Affected: QCA8081 Affected: QCA8082 Affected: QCA8084 Affected: QCA8085 Affected: QCA8337 Affected: QCA8386 Affected: QCA9367 Affected: QCA9377 Affected: QCA9379 Affected: QCA9886 Affected: QCA9888 Affected: QCA9889 Affected: QCA9898 Affected: QCA9980 Affected: QCA9984 Affected: QCA9985 Affected: QCA9986 Affected: QCA9990 Affected: QCA9992 Affected: QCA9994 Affected: QCC2073 Affected: QCC2076 Affected: QCC710 Affected: QCF8001 Affected: QCM2290 Affected: QCM4290 Affected: QCM4325 Affected: QCM4490 Affected: QCM6125 Affected: QCM6490 Affected: QCM8550 Affected: QCN5021 Affected: QCN5022 Affected: QCN5024 Affected: QCN5052 Affected: QCN5054 Affected: QCN5122 Affected: QCN5124 Affected: QCN5152 Affected: QCN5154 Affected: QCN5164 Affected: QCN6023 Affected: QCN6024 Affected: QCN6100 Affected: QCN6102 Affected: QCN6112 Affected: QCN6122 Affected: QCN6132 Affected: QCN6224 Affected: QCN6274 Affected: QCN7605 Affected: QCN7606 Affected: QCN9000 Affected: QCN9001 Affected: QCN9002 Affected: QCN9003 Affected: QCN9011 Affected: QCN9012 Affected: QCN9013 Affected: QCN9022 Affected: QCN9024 Affected: QCN9070 Affected: QCN9072 Affected: QCN9074 Affected: QCN9100 Affected: QCN9274 Affected: QCS2290 Affected: QCS410 Affected: QCS4290 Affected: QCS4490 Affected: QCS610 Affected: QCS6125 Affected: QCS6490 Affected: QCS7230 Affected: QCS8250 Affected: QCS8550 Affected: QFW7114 Affected: QFW7124 Affected: QRB5165M Affected: QRB5165N Affected: QSM8250 Affected: QSM8350 Affected: Qualcomm Video Collaboration VC1 Platform Affected: Qualcomm Video Collaboration VC3 Platform Affected: Qualcomm Video Collaboration VC5 Platform Affected: Robotics RB3 Platform Affected: Robotics RB5 Platform Affected: SA4150P Affected: SA4155P Affected: SA6145P Affected: SA6150P Affected: SA6155 Affected: SA6155P Affected: SA8145P Affected: SA8150P Affected: SA8155 Affected: SA8155P Affected: SA8195P Affected: SA8255P Affected: SA8295P Affected: SC8180X+SDX55 Affected: SD 455 Affected: SD 675 Affected: SD 8 Gen1 5G Affected: SD 8CX Affected: SD460 Affected: SD660 Affected: SD662 Affected: SD670 Affected: SD675 Affected: SD730 Affected: SD820 Affected: SD821 Affected: SD835 Affected: SD855 Affected: SD865 5G Affected: SD888 Affected: SDX20M Affected: SDX55 Affected: SDX65M Affected: SG4150P Affected: SG8275P Affected: SM4125 Affected: SM6250 Affected: SM6250P Affected: SM7250P Affected: SM7315 Affected: SM7325P Affected: SM8550P Affected: Smart Audio 200 Platform Affected: Smart Audio 400 Platform Affected: Snapdragon 1200 Wearable Platform Affected: Snapdragon 4 Gen 1 Mobile Platform Affected: Snapdragon 4 Gen 2 Mobile Platform Affected: Snapdragon 460 Mobile Platform Affected: Snapdragon 480 5G Mobile Platform Affected: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Affected: Snapdragon 630 Mobile Platform Affected: Snapdragon 636 Mobile Platform Affected: Snapdragon 660 Mobile Platform Affected: Snapdragon 662 Mobile Platform Affected: Snapdragon 665 Mobile Platform Affected: Snapdragon 670 Mobile Platform Affected: Snapdragon 675 Mobile Platform Affected: Snapdragon 678 Mobile Platform (SM6150-AC) Affected: Snapdragon 680 4G Mobile Platform Affected: Snapdragon 685 4G Mobile Platform (SM6225-AD) Affected: Snapdragon 690 5G Mobile Platform Affected: Snapdragon 695 5G Mobile Platform Affected: Snapdragon 710 Mobile Platform Affected: Snapdragon 712 Mobile Platform Affected: Snapdragon 720G Mobile Platform Affected: Snapdragon 730 Mobile Platform (SM7150-AA) Affected: Snapdragon 730G Mobile Platform (SM7150-AB) Affected: Snapdragon 732G Mobile Platform (SM7150-AC) Affected: Snapdragon 750G 5G Mobile Platform Affected: Snapdragon 765 5G Mobile Platform (SM7250-AA) Affected: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Affected: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Affected: Snapdragon 778G 5G Mobile Platform Affected: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Affected: Snapdragon 780G 5G Mobile Platform Affected: Snapdragon 782G Mobile Platform (SM7325-AF) Affected: Snapdragon 7c Compute Platform (SC7180-AC) Affected: Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) "Rennell Pro" Affected: Snapdragon 7c+ Gen 3 Compute Affected: Snapdragon 8 Gen 1 Mobile Platform Affected: Snapdragon 8 Gen 2 Mobile Platform Affected: Snapdragon 8+ Gen 1 Mobile Platform Affected: Snapdragon 8+ Gen 2 Mobile Platform Affected: Snapdragon 808 Processor Affected: Snapdragon 810 Processor Affected: Snapdragon 820 Automotive Platform Affected: Snapdragon 820 Mobile Platform Affected: Snapdragon 821 Mobile Platform Affected: Snapdragon 835 Mobile PC Platform Affected: Snapdragon 845 Mobile Platform Affected: Snapdragon 850 Mobile Compute Platform Affected: Snapdragon 855 Mobile Platform Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Affected: Snapdragon 865 5G Mobile Platform Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC) Affected: Snapdragon 888 5G Mobile Platform Affected: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Affected: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Affected: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Affected: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Affected: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Affected: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Affected: Snapdragon AR2 Gen 1 Platform Affected: Snapdragon Auto 5G Modem-RF Affected: Snapdragon W5+ Gen 1 Wearable Platform Affected: Snapdragon X12 LTE Modem Affected: Snapdragon X20 LTE Modem Affected: Snapdragon X24 LTE Modem Affected: Snapdragon X5 LTE Modem Affected: Snapdragon X50 5G Modem-RF System Affected: Snapdragon X55 5G Modem-RF System Affected: Snapdragon X65 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: Snapdragon XR1 Platform Affected: Snapdragon XR2 5G Platform Affected: Snapdragon XR2+ Gen 1 Platform Affected: Snapdragon Auto 4G Modem Affected: SSG2115P Affected: SSG2125P Affected: SW5100 Affected: SW5100P Affected: SXR1120 Affected: SXR1230P Affected: SXR2130 Affected: SXR2230P Affected: Vision Intelligence 300 Platform Affected: Vision Intelligence 400 Platform Affected: WCD9326 Affected: WCD9330 Affected: WCD9335 Affected: WCD9340 Affected: WCD9341 Affected: WCD9360 Affected: WCD9370 Affected: WCD9371 Affected: WCD9375 Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3610 Affected: WCN3615 Affected: WCN3660B Affected: WCN3910 Affected: WCN3950 Affected: WCN3980 Affected: WCN3988 Affected: WCN3990 Affected: WCN3999 Affected: WCN6740 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:42.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-25T20:46:08.508288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T19:53:38.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer Electronics Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon IoT",
"Snapdragon Mobile",
"Snapdragon Voice \u0026 Music",
"Snapdragon Wearables",
"Snapdragon Wired Infrastructure and Networking"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "315 5G IoT Modem"
},
{
"status": "affected",
"version": "9206 LTE Modem"
},
{
"status": "affected",
"version": "APQ8017"
},
{
"status": "affected",
"version": "APQ8064AU"
},
{
"status": "affected",
"version": "APQ8092"
},
{
"status": "affected",
"version": "APQ8094"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8031"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "AR9380"
},
{
"status": "affected",
"version": "CSR8811"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "CSRB31024"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "Flight RB5 5G Platform"
},
{
"status": "affected",
"version": "Home Hub 100 Platform"
},
{
"status": "affected",
"version": "Immersive Home 214 Platform"
},
{
"status": "affected",
"version": "Immersive Home 216 Platform"
},
{
"status": "affected",
"version": "Immersive Home 316 Platform"
},
{
"status": "affected",
"version": "Immersive Home 318 Platform"
},
{
"status": "affected",
"version": "Immersive Home 3210 Platform"
},
{
"status": "affected",
"version": "Immersive Home 326 Platform"
},
{
"status": "affected",
"version": "IPQ4018"
},
{
"status": "affected",
"version": "IPQ4028"
},
{
"status": "affected",
"version": "IPQ4029"
},
{
"status": "affected",
"version": "IPQ5010"
},
{
"status": "affected",
"version": "IPQ5028"
},
{
"status": "affected",
"version": "IPQ5332"
},
{
"status": "affected",
"version": "IPQ6000"
},
{
"status": "affected",
"version": "IPQ6010"
},
{
"status": "affected",
"version": "IPQ6018"
},
{
"status": "affected",
"version": "IPQ6028"
},
{
"status": "affected",
"version": "IPQ8064"
},
{
"status": "affected",
"version": "IPQ8065"
},
{
"status": "affected",
"version": "IPQ8068"
},
{
"status": "affected",
"version": "IPQ8069"
},
{
"status": "affected",
"version": "IPQ8070"
},
{
"status": "affected",
"version": "IPQ8070A"
},
{
"status": "affected",
"version": "IPQ8071A"
},
{
"status": "affected",
"version": "IPQ8072A"
},
{
"status": "affected",
"version": "IPQ8074"
},
{
"status": "affected",
"version": "IPQ8074A"
},
{
"status": "affected",
"version": "IPQ8076"
},
{
"status": "affected",
"version": "IPQ8076A"
},
{
"status": "affected",
"version": "IPQ8078"
},
{
"status": "affected",
"version": "IPQ8078A"
},
{
"status": "affected",
"version": "IPQ8173"
},
{
"status": "affected",
"version": "IPQ8174"
},
{
"status": "affected",
"version": "IPQ9008"
},
{
"status": "affected",
"version": "IPQ9554"
},
{
"status": "affected",
"version": "IPQ9570"
},
{
"status": "affected",
"version": "IPQ9574"
},
{
"status": "affected",
"version": "MDM9250"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "MDM9640"
},
{
"status": "affected",
"version": "MDM9645"
},
{
"status": "affected",
"version": "MDM9650"
},
{
"status": "affected",
"version": "MSM8996AU"
},
{
"status": "affected",
"version": "PMP8074"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QCA0000"
},
{
"status": "affected",
"version": "QCA1023"
},
{
"status": "affected",
"version": "QCA1062"
},
{
"status": "affected",
"version": "QCA1064"
},
{
"status": "affected",
"version": "QCA1990"
},
{
"status": "affected",
"version": "QCA2062"
},
{
"status": "affected",
"version": "QCA2064"
},
{
"status": "affected",
"version": "QCA2065"
},
{
"status": "affected",
"version": "QCA2066"
},
{
"status": "affected",
"version": "QCA4024"
},
{
"status": "affected",
"version": "QCA4531"
},
{
"status": "affected",
"version": "QCA6174"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6175A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6320"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6428"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6438"
},
{
"status": "affected",
"version": "QCA6554A"
},
{
"status": "affected",
"version": "QCA6564"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8072"
},
{
"status": "affected",
"version": "QCA8075"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8082"
},
{
"status": "affected",
"version": "QCA8084"
},
{
"status": "affected",
"version": "QCA8085"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA8386"
},
{
"status": "affected",
"version": "QCA9367"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCA9379"
},
{
"status": "affected",
"version": "QCA9886"
},
{
"status": "affected",
"version": "QCA9888"
},
{
"status": "affected",
"version": "QCA9889"
},
{
"status": "affected",
"version": "QCA9898"
},
{
"status": "affected",
"version": "QCA9980"
},
{
"status": "affected",
"version": "QCA9984"
},
{
"status": "affected",
"version": "QCA9985"
},
{
"status": "affected",
"version": "QCA9986"
},
{
"status": "affected",
"version": "QCA9990"
},
{
"status": "affected",
"version": "QCA9992"
},
{
"status": "affected",
"version": "QCA9994"
},
{
"status": "affected",
"version": "QCC2073"
},
{
"status": "affected",
"version": "QCC2076"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCF8001"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM4325"
},
{
"status": "affected",
"version": "QCM4490"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN5021"
},
{
"status": "affected",
"version": "QCN5022"
},
{
"status": "affected",
"version": "QCN5024"
},
{
"status": "affected",
"version": "QCN5052"
},
{
"status": "affected",
"version": "QCN5054"
},
{
"status": "affected",
"version": "QCN5122"
},
{
"status": "affected",
"version": "QCN5124"
},
{
"status": "affected",
"version": "QCN5152"
},
{
"status": "affected",
"version": "QCN5154"
},
{
"status": "affected",
"version": "QCN5164"
},
{
"status": "affected",
"version": "QCN6023"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN6100"
},
{
"status": "affected",
"version": "QCN6102"
},
{
"status": "affected",
"version": "QCN6112"
},
{
"status": "affected",
"version": "QCN6122"
},
{
"status": "affected",
"version": "QCN6132"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN7605"
},
{
"status": "affected",
"version": "QCN7606"
},
{
"status": "affected",
"version": "QCN9000"
},
{
"status": "affected",
"version": "QCN9001"
},
{
"status": "affected",
"version": "QCN9002"
},
{
"status": "affected",
"version": "QCN9003"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9013"
},
{
"status": "affected",
"version": "QCN9022"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCN9070"
},
{
"status": "affected",
"version": "QCN9072"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCN9100"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS4490"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS7230"
},
{
"status": "affected",
"version": "QCS8250"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QRB5165M"
},
{
"status": "affected",
"version": "QRB5165N"
},
{
"status": "affected",
"version": "QSM8250"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC1 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC5 Platform"
},
{
"status": "affected",
"version": "Robotics RB3 Platform"
},
{
"status": "affected",
"version": "Robotics RB5 Platform"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SC8180X+SDX55"
},
{
"status": "affected",
"version": "SD 455"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD 8CX"
},
{
"status": "affected",
"version": "SD460"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD662"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD820"
},
{
"status": "affected",
"version": "SD821"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SDX20M"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX65M"
},
{
"status": "affected",
"version": "SG4150P"
},
{
"status": "affected",
"version": "SG8275P"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM6250P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "SM8550P"
},
{
"status": "affected",
"version": "Smart Audio 200 Platform"
},
{
"status": "affected",
"version": "Smart Audio 400 Platform"
},
{
"status": "affected",
"version": "Snapdragon 1200 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 630 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 636 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 660 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 665 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 670 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 675 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 680 4G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
},
{
"status": "affected",
"version": "Snapdragon 690 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 695 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 710 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 712 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 720G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 730 Mobile Platform (SM7150-AA)"
},
{
"status": "affected",
"version": "Snapdragon 730G Mobile Platform (SM7150-AB)"
},
{
"status": "affected",
"version": "Snapdragon 732G Mobile Platform (SM7150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 750G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
},
{
"status": "affected",
"version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 778G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
},
{
"status": "affected",
"version": "Snapdragon 780G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
},
{
"status": "affected",
"version": "Snapdragon 7c Compute Platform (SC7180-AC)"
},
{
"status": "affected",
"version": "Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) \"Rennell Pro\""
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 808 Processor"
},
{
"status": "affected",
"version": "Snapdragon 810 Processor"
},
{
"status": "affected",
"version": "Snapdragon 820 Automotive Platform"
},
{
"status": "affected",
"version": "Snapdragon 820 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 821 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 835 Mobile PC Platform"
},
{
"status": "affected",
"version": "Snapdragon 845 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 850 Mobile Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 855 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF"
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon X12 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X20 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X24 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X5 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X50 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR1 Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2+ Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 4G Modem"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR1120"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "Vision Intelligence 300 Platform"
},
{
"status": "affected",
"version": "Vision Intelligence 400 Platform"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9330"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9371"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3615"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN3999"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:05:11.641Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
}
],
"title": "Loop with Unreachable Exit Condition (Infinite Loop) in WLAN Firmware"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-43511",
"datePublished": "2024-01-02T05:38:53.528Z",
"dateReserved": "2023-09-19T14:48:15.088Z",
"dateUpdated": "2025-06-16T19:53:38.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42815 (GCVE-0-2023-42815)
Vulnerability from cvelistv5 – Published: 2023-11-13 20:33 – Updated: 2024-08-02 19:30
VLAI
EPSS
VEX
Title
Denial of service from malicious image manifest in kyverno
Summary
Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild.
Severity
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/kyverno/kyverno/security/advis… | x_refsource_CONFIRM |
| https://github.com/kyverno/kyverno/pull/8428 | x_refsource_MISC |
| https://github.com/kyverno/kyverno/commit/80d139b… | x_refsource_MISC |
| https://github.com/kyverno/kyverno/commit/fec2992… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-hjpv-68f4-2262",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-hjpv-68f4-2262"
},
{
"name": "https://github.com/kyverno/kyverno/pull/8428",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kyverno/kyverno/pull/8428"
},
{
"name": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2"
},
{
"name": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kyverno",
"vendor": "kyverno",
"versions": [
{
"status": "affected",
"version": "\u003e= 80d139bb5d1d9d7e907abe851b97dc73821a5be2, \u003c fec2992e3f9fcd6b9c62267522c09b182e7df73b"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users\u0027 admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:53:14.598Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-hjpv-68f4-2262",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-hjpv-68f4-2262"
},
{
"name": "https://github.com/kyverno/kyverno/pull/8428",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kyverno/kyverno/pull/8428"
},
{
"name": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2"
},
{
"name": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b"
}
],
"source": {
"advisory": "GHSA-hjpv-68f4-2262",
"discovery": "UNKNOWN"
},
"title": "Denial of service from malicious image manifest in kyverno"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42815",
"datePublished": "2023-11-13T20:33:24.955Z",
"dateReserved": "2023-09-14T16:13:33.308Z",
"dateUpdated": "2024-08-02T19:30:24.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.