CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1057 vulnerabilities reference this CWE, most recent first.
GHSA-45XF-WH8J-3X9P
Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30In the Linux kernel, the following vulnerability has been resolved:
f2fs: avoid infinite loop to flush node pages
xfstests/generic/475 can give EIO all the time which give an infinite loop to flush node page like below. Let's avoid it.
[16418.518551] Call Trace: [16418.518553] ? dm_submit_bio+0x48/0x400 [16418.518574] ? submit_bio_checks+0x1ac/0x5a0 [16418.525207] __submit_bio+0x1a9/0x230 [16418.525210] ? kmem_cache_alloc+0x29e/0x3c0 [16418.525223] submit_bio_noacct+0xa8/0x2b0 [16418.525226] submit_bio+0x4d/0x130 [16418.525238] __submit_bio+0x49/0x310 [f2fs] [16418.525339] ? bio_add_page+0x6a/0x90 [16418.525344] f2fs_submit_page_bio+0x134/0x1f0 [f2fs] [16418.525365] read_node_page+0x125/0x1b0 [f2fs] [16418.525388] __get_node_page.part.0+0x58/0x3f0 [f2fs] [16418.525409] __get_node_page+0x2f/0x60 [f2fs] [16418.525431] f2fs_get_dnode_of_data+0x423/0x860 [f2fs] [16418.525452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525458] ? __mod_memcg_state.part.0+0x2a/0x30 [16418.525465] ? __mod_memcg_lruvec_state+0x27/0x40 [16418.525467] ? __xa_set_mark+0x57/0x70 [16418.525472] f2fs_do_write_data_page+0x10e/0x7b0 [f2fs] [16418.525493] f2fs_write_single_data_page+0x555/0x830 [f2fs] [16418.525514] ? sysvec_apic_timer_interrupt+0x4e/0x90 [16418.525518] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525523] f2fs_write_cache_pages+0x303/0x880 [f2fs] [16418.525545] ? blk_flush_plug_list+0x47/0x100 [16418.525548] f2fs_write_data_pages+0xfd/0x320 [f2fs] [16418.525569] do_writepages+0xd5/0x210 [16418.525648] filemap_fdatawrite_wbc+0x7d/0xc0 [16418.525655] filemap_fdatawrite+0x50/0x70 [16418.525658] f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs] [16418.525679] f2fs_write_checkpoint+0x16d/0x1720 [f2fs] [16418.525699] ? ttwu_do_wakeup+0x1c/0x160 [16418.525709] ? ttwu_do_activate+0x6d/0xd0 [16418.525711] ? __wait_for_common+0x11d/0x150 [16418.525715] kill_f2fs_super+0xca/0x100 [f2fs] [16418.525733] deactivate_locked_super+0x3b/0xb0 [16418.525739] deactivate_super+0x40/0x50 [16418.525741] cleanup_mnt+0x139/0x190 [16418.525747] __cleanup_mnt+0x12/0x20 [16418.525749] task_work_run+0x6d/0xa0 [16418.525765] exit_to_user_mode_prepare+0x1ad/0x1b0 [16418.525771] syscall_exit_to_user_mode+0x27/0x50 [16418.525774] do_syscall_64+0x48/0xc0 [16418.525776] entry_SYSCALL_64_after_hwframe+0x44/0xae
{
"affected": [],
"aliases": [
"CVE-2022-49317"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: avoid infinite loop to flush node pages\n\nxfstests/generic/475 can give EIO all the time which give an infinite loop\nto flush node page like below. Let\u0027s avoid it.\n\n[16418.518551] Call Trace:\n[16418.518553] ? dm_submit_bio+0x48/0x400\n[16418.518574] ? submit_bio_checks+0x1ac/0x5a0\n[16418.525207] __submit_bio+0x1a9/0x230\n[16418.525210] ? kmem_cache_alloc+0x29e/0x3c0\n[16418.525223] submit_bio_noacct+0xa8/0x2b0\n[16418.525226] submit_bio+0x4d/0x130\n[16418.525238] __submit_bio+0x49/0x310 [f2fs]\n[16418.525339] ? bio_add_page+0x6a/0x90\n[16418.525344] f2fs_submit_page_bio+0x134/0x1f0 [f2fs]\n[16418.525365] read_node_page+0x125/0x1b0 [f2fs]\n[16418.525388] __get_node_page.part.0+0x58/0x3f0 [f2fs]\n[16418.525409] __get_node_page+0x2f/0x60 [f2fs]\n[16418.525431] f2fs_get_dnode_of_data+0x423/0x860 [f2fs]\n[16418.525452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525458] ? __mod_memcg_state.part.0+0x2a/0x30\n[16418.525465] ? __mod_memcg_lruvec_state+0x27/0x40\n[16418.525467] ? __xa_set_mark+0x57/0x70\n[16418.525472] f2fs_do_write_data_page+0x10e/0x7b0 [f2fs]\n[16418.525493] f2fs_write_single_data_page+0x555/0x830 [f2fs]\n[16418.525514] ? sysvec_apic_timer_interrupt+0x4e/0x90\n[16418.525518] ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525523] f2fs_write_cache_pages+0x303/0x880 [f2fs]\n[16418.525545] ? blk_flush_plug_list+0x47/0x100\n[16418.525548] f2fs_write_data_pages+0xfd/0x320 [f2fs]\n[16418.525569] do_writepages+0xd5/0x210\n[16418.525648] filemap_fdatawrite_wbc+0x7d/0xc0\n[16418.525655] filemap_fdatawrite+0x50/0x70\n[16418.525658] f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs]\n[16418.525679] f2fs_write_checkpoint+0x16d/0x1720 [f2fs]\n[16418.525699] ? ttwu_do_wakeup+0x1c/0x160\n[16418.525709] ? ttwu_do_activate+0x6d/0xd0\n[16418.525711] ? __wait_for_common+0x11d/0x150\n[16418.525715] kill_f2fs_super+0xca/0x100 [f2fs]\n[16418.525733] deactivate_locked_super+0x3b/0xb0\n[16418.525739] deactivate_super+0x40/0x50\n[16418.525741] cleanup_mnt+0x139/0x190\n[16418.525747] __cleanup_mnt+0x12/0x20\n[16418.525749] task_work_run+0x6d/0xa0\n[16418.525765] exit_to_user_mode_prepare+0x1ad/0x1b0\n[16418.525771] syscall_exit_to_user_mode+0x27/0x50\n[16418.525774] do_syscall_64+0x48/0xc0\n[16418.525776] entry_SYSCALL_64_after_hwframe+0x44/0xae",
"id": "GHSA-45xf-wh8j-3x9p",
"modified": "2025-03-14T00:30:51Z",
"published": "2025-03-14T00:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49317"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7b8618aa2f0f926ce85f2486ac835a85c753ca7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd47ea5d776d8b524fb6f60de3240f95603901dd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4699-632X-4VXR
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2024-04-04 03:06In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
{
"affected": [],
"aliases": [
"CVE-2019-12068"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-24T20:15:00Z",
"severity": "LOW"
},
"details": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"id": "GHSA-4699-632x-4vxr",
"modified": "2024-04-04T03:06:56Z",
"published": "2022-05-24T22:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12068"
},
{
"type": "WEB",
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"type": "WEB",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4191-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4191-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-46HJ-M8HR-C3H7
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.
{
"affected": [],
"aliases": [
"CVE-2013-2789"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-08-22T05:34:00Z",
"severity": "HIGH"
},
"details": "The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.",
"id": "GHSA-46hj-m8hr-c3h7",
"modified": "2022-05-13T01:03:51Z",
"published": "2022-05-13T01:03:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2789"
},
{
"type": "WEB",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-226-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-46HR-8MQ3-W232
Vulnerability from github – Published: 2025-11-20 15:30 – Updated: 2025-11-21 21:30Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.
{
"affected": [],
"aliases": [
"CVE-2025-41075"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-20T15:17:29Z",
"severity": "MODERATE"
},
"details": "Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin\u00a0that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.",
"id": "GHSA-46hr-8mq3-w232",
"modified": "2025-11-21T21:30:17Z",
"published": "2025-11-20T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41075"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4749-XQ6X-59V3
Vulnerability from github – Published: 2022-01-27 00:01 – Updated: 2022-02-04 00:00Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
{
"affected": [],
"aliases": [
"CVE-2022-23968"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-26T06:15:00Z",
"severity": "HIGH"
},
"details": "Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included \"believed to affect all previous and later versions as of the date of this posting\" but a 2022-01-26 vendor statement reports \"the latest versions of firmware are not vulnerable to this issue.\"",
"id": "GHSA-4749-xq6x-59v3",
"modified": "2022-02-04T00:00:46Z",
"published": "2022-01-27T00:01:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23968"
},
{
"type": "WEB",
"url": "https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-network-users-to-remotely-brick-printers"
},
{
"type": "WEB",
"url": "https://twitter.com/mqudsi/status/1485756915187695618"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-48MR-3PHH-9XCG
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:33An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."
{
"affected": [],
"aliases": [
"CVE-2017-6299"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-24T04:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c.\"",
"id": "GHSA-48mr-3phh-9xcg",
"modified": "2025-04-20T03:33:21Z",
"published": "2022-05-13T01:46:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6299"
},
{
"type": "WEB",
"url": "https://github.com/Yeraze/ytnef/pull/27"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ"
},
{
"type": "WEB",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3846"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/15/4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96423"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-48R6-G3Q9-VPCP
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-20 03:45The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
{
"affected": [],
"aliases": [
"CVE-2017-14741"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-26T02:29:00Z",
"severity": "MODERATE"
},
"details": "The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.",
"id": "GHSA-48r6-g3q9-vpcp",
"modified": "2025-04-20T03:45:53Z",
"published": "2022-05-13T01:17:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14741"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/771"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4987-5P3P-9R27
Vulnerability from github – Published: 2023-08-11 15:30 – Updated: 2023-08-18 15:47An issue was discovered in OFPBundleCtrlMsg in parser.py in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ryu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.34"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35139"
],
"database_specific": {
"cwe_ids": [
"CWE-770",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-11T22:03:55Z",
"nvd_published_at": "2023-08-11T14:15:11Z",
"severity": "HIGH"
},
"details": "An issue was discovered in `OFPBundleCtrlMsg` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).",
"id": "GHSA-4987-5p3p-9r27",
"modified": "2023-08-18T15:47:53Z",
"published": "2023-08-11T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35139"
},
{
"type": "WEB",
"url": "https://github.com/faucetsdn/ryu/issues/118"
},
{
"type": "PACKAGE",
"url": "https://github.com/faucetsdn/ryu"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "FaucetSDN Ryu Denial of Service Vulnerability"
}
GHSA-49F9-3P9F-VGR4
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.
{
"affected": [],
"aliases": [
"CVE-2017-17131"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-05T19:29:00Z",
"severity": "MODERATE"
},
"details": "Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.",
"id": "GHSA-49f9-3p9f-vgr4",
"modified": "2022-05-13T01:44:17Z",
"published": "2022-05-13T01:44:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17131"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-vpp-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-49Q3-9XM4-CPJ5
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-09-06 00:00hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
{
"affected": [],
"aliases": [
"CVE-2020-28916"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-04T07:15:00Z",
"severity": "MODERATE"
},
"details": "hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.",
"id": "GHSA-49q3-9xm4-cpj5",
"modified": "2022-09-06T00:00:28Z",
"published": "2022-05-24T17:35:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28916"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/12/01/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.