Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1057 vulnerabilities reference this CWE, most recent first.

GHSA-45XF-WH8J-3X9P

Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: avoid infinite loop to flush node pages

xfstests/generic/475 can give EIO all the time which give an infinite loop to flush node page like below. Let's avoid it.

[16418.518551] Call Trace: [16418.518553] ? dm_submit_bio+0x48/0x400 [16418.518574] ? submit_bio_checks+0x1ac/0x5a0 [16418.525207] __submit_bio+0x1a9/0x230 [16418.525210] ? kmem_cache_alloc+0x29e/0x3c0 [16418.525223] submit_bio_noacct+0xa8/0x2b0 [16418.525226] submit_bio+0x4d/0x130 [16418.525238] __submit_bio+0x49/0x310 [f2fs] [16418.525339] ? bio_add_page+0x6a/0x90 [16418.525344] f2fs_submit_page_bio+0x134/0x1f0 [f2fs] [16418.525365] read_node_page+0x125/0x1b0 [f2fs] [16418.525388] __get_node_page.part.0+0x58/0x3f0 [f2fs] [16418.525409] __get_node_page+0x2f/0x60 [f2fs] [16418.525431] f2fs_get_dnode_of_data+0x423/0x860 [f2fs] [16418.525452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525458] ? __mod_memcg_state.part.0+0x2a/0x30 [16418.525465] ? __mod_memcg_lruvec_state+0x27/0x40 [16418.525467] ? __xa_set_mark+0x57/0x70 [16418.525472] f2fs_do_write_data_page+0x10e/0x7b0 [f2fs] [16418.525493] f2fs_write_single_data_page+0x555/0x830 [f2fs] [16418.525514] ? sysvec_apic_timer_interrupt+0x4e/0x90 [16418.525518] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525523] f2fs_write_cache_pages+0x303/0x880 [f2fs] [16418.525545] ? blk_flush_plug_list+0x47/0x100 [16418.525548] f2fs_write_data_pages+0xfd/0x320 [f2fs] [16418.525569] do_writepages+0xd5/0x210 [16418.525648] filemap_fdatawrite_wbc+0x7d/0xc0 [16418.525655] filemap_fdatawrite+0x50/0x70 [16418.525658] f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs] [16418.525679] f2fs_write_checkpoint+0x16d/0x1720 [f2fs] [16418.525699] ? ttwu_do_wakeup+0x1c/0x160 [16418.525709] ? ttwu_do_activate+0x6d/0xd0 [16418.525711] ? __wait_for_common+0x11d/0x150 [16418.525715] kill_f2fs_super+0xca/0x100 [f2fs] [16418.525733] deactivate_locked_super+0x3b/0xb0 [16418.525739] deactivate_super+0x40/0x50 [16418.525741] cleanup_mnt+0x139/0x190 [16418.525747] __cleanup_mnt+0x12/0x20 [16418.525749] task_work_run+0x6d/0xa0 [16418.525765] exit_to_user_mode_prepare+0x1ad/0x1b0 [16418.525771] syscall_exit_to_user_mode+0x27/0x50 [16418.525774] do_syscall_64+0x48/0xc0 [16418.525776] entry_SYSCALL_64_after_hwframe+0x44/0xae

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: avoid infinite loop to flush node pages\n\nxfstests/generic/475 can give EIO all the time which give an infinite loop\nto flush node page like below. Let\u0027s avoid it.\n\n[16418.518551] Call Trace:\n[16418.518553]  ? dm_submit_bio+0x48/0x400\n[16418.518574]  ? submit_bio_checks+0x1ac/0x5a0\n[16418.525207]  __submit_bio+0x1a9/0x230\n[16418.525210]  ? kmem_cache_alloc+0x29e/0x3c0\n[16418.525223]  submit_bio_noacct+0xa8/0x2b0\n[16418.525226]  submit_bio+0x4d/0x130\n[16418.525238]  __submit_bio+0x49/0x310 [f2fs]\n[16418.525339]  ? bio_add_page+0x6a/0x90\n[16418.525344]  f2fs_submit_page_bio+0x134/0x1f0 [f2fs]\n[16418.525365]  read_node_page+0x125/0x1b0 [f2fs]\n[16418.525388]  __get_node_page.part.0+0x58/0x3f0 [f2fs]\n[16418.525409]  __get_node_page+0x2f/0x60 [f2fs]\n[16418.525431]  f2fs_get_dnode_of_data+0x423/0x860 [f2fs]\n[16418.525452]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525458]  ? __mod_memcg_state.part.0+0x2a/0x30\n[16418.525465]  ? __mod_memcg_lruvec_state+0x27/0x40\n[16418.525467]  ? __xa_set_mark+0x57/0x70\n[16418.525472]  f2fs_do_write_data_page+0x10e/0x7b0 [f2fs]\n[16418.525493]  f2fs_write_single_data_page+0x555/0x830 [f2fs]\n[16418.525514]  ? sysvec_apic_timer_interrupt+0x4e/0x90\n[16418.525518]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525523]  f2fs_write_cache_pages+0x303/0x880 [f2fs]\n[16418.525545]  ? blk_flush_plug_list+0x47/0x100\n[16418.525548]  f2fs_write_data_pages+0xfd/0x320 [f2fs]\n[16418.525569]  do_writepages+0xd5/0x210\n[16418.525648]  filemap_fdatawrite_wbc+0x7d/0xc0\n[16418.525655]  filemap_fdatawrite+0x50/0x70\n[16418.525658]  f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs]\n[16418.525679]  f2fs_write_checkpoint+0x16d/0x1720 [f2fs]\n[16418.525699]  ? ttwu_do_wakeup+0x1c/0x160\n[16418.525709]  ? ttwu_do_activate+0x6d/0xd0\n[16418.525711]  ? __wait_for_common+0x11d/0x150\n[16418.525715]  kill_f2fs_super+0xca/0x100 [f2fs]\n[16418.525733]  deactivate_locked_super+0x3b/0xb0\n[16418.525739]  deactivate_super+0x40/0x50\n[16418.525741]  cleanup_mnt+0x139/0x190\n[16418.525747]  __cleanup_mnt+0x12/0x20\n[16418.525749]  task_work_run+0x6d/0xa0\n[16418.525765]  exit_to_user_mode_prepare+0x1ad/0x1b0\n[16418.525771]  syscall_exit_to_user_mode+0x27/0x50\n[16418.525774]  do_syscall_64+0x48/0xc0\n[16418.525776]  entry_SYSCALL_64_after_hwframe+0x44/0xae",
  "id": "GHSA-45xf-wh8j-3x9p",
  "modified": "2025-03-14T00:30:51Z",
  "published": "2025-03-14T00:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49317"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7b8618aa2f0f926ce85f2486ac835a85c753ca7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd47ea5d776d8b524fb6f60de3240f95603901dd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4699-632X-4VXR

Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2024-04-04 03:06
VLAI
Details

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-24T20:15:00Z",
    "severity": "LOW"
  },
  "details": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
  "id": "GHSA-4699-632x-4vxr",
  "modified": "2024-04-04T03:06:56Z",
  "published": "2022-05-24T22:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12068"
    },
    {
      "type": "WEB",
      "url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
    },
    {
      "type": "WEB",
      "url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4191-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4191-2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4665"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46HJ-M8HR-C3H7

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-2789"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-22T05:34:00Z",
    "severity": "HIGH"
  },
  "details": "The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.",
  "id": "GHSA-46hj-m8hr-c3h7",
  "modified": "2022-05-13T01:03:51Z",
  "published": "2022-05-13T01:03:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2789"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-226-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-46HR-8MQ3-W232

Vulnerability from github – Published: 2025-11-20 15:30 – Updated: 2025-11-21 21:30
VLAI
Details

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-20T15:17:29Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin\u00a0that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS  attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.",
  "id": "GHSA-46hr-8mq3-w232",
  "modified": "2025-11-21T21:30:17Z",
  "published": "2025-11-20T15:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41075"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4749-XQ6X-59V3

Vulnerability from github – Published: 2022-01-27 00:01 – Updated: 2022-02-04 00:00
VLAI
Details

Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-26T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included \"believed to affect all previous and later versions as of the date of this posting\" but a 2022-01-26 vendor statement reports \"the latest versions of firmware are not vulnerable to this issue.\"",
  "id": "GHSA-4749-xq6x-59v3",
  "modified": "2022-02-04T00:00:46Z",
  "published": "2022-01-27T00:01:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23968"
    },
    {
      "type": "WEB",
      "url": "https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-network-users-to-remotely-brick-printers"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/mqudsi/status/1485756915187695618"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-48MR-3PHH-9XCG

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:33
VLAI
Details

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-24T04:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c.\"",
  "id": "GHSA-48mr-3phh-9xcg",
  "modified": "2025-04-20T03:33:21Z",
  "published": "2022-05-13T01:46:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6299"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yeraze/ytnef/pull/27"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ"
    },
    {
      "type": "WEB",
      "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3846"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/02/15/4"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96423"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-48R6-G3Q9-VPCP

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-20 03:45
VLAI
Details

The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14741"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-26T02:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.",
  "id": "GHSA-48r6-g3q9-vpcp",
  "modified": "2025-04-20T03:45:53Z",
  "published": "2022-05-13T01:17:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14741"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/771"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3681-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4987-5P3P-9R27

Vulnerability from github – Published: 2023-08-11 15:30 – Updated: 2023-08-18 15:47
VLAI
Summary
FaucetSDN Ryu Denial of Service Vulnerability
Details

An issue was discovered in OFPBundleCtrlMsg in parser.py in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ryu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.34"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-11T22:03:55Z",
    "nvd_published_at": "2023-08-11T14:15:11Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in `OFPBundleCtrlMsg` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).",
  "id": "GHSA-4987-5p3p-9r27",
  "modified": "2023-08-18T15:47:53Z",
  "published": "2023-08-11T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35139"
    },
    {
      "type": "WEB",
      "url": "https://github.com/faucetsdn/ryu/issues/118"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/faucetsdn/ryu"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "FaucetSDN Ryu Denial of Service Vulnerability"
}

GHSA-49F9-3P9F-VGR4

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-05T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.",
  "id": "GHSA-49f9-3p9f-vgr4",
  "modified": "2022-05-13T01:44:17Z",
  "published": "2022-05-13T01:44:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17131"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-vpp-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-49Q3-9XM4-CPJ5

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-09-06 00:00
VLAI
Details

hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-28916"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-04T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.",
  "id": "GHSA-49q3-9xm4-cpj5",
  "modified": "2022-09-06T00:00:28Z",
  "published": "2022-05-24T17:35:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28916"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/12/01/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.