Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1060 vulnerabilities reference this CWE, most recent first.

GHSA-5X64-925V-H4GV

Vulnerability from github – Published: 2023-08-11 15:30 – Updated: 2023-08-18 15:48
VLAI
Summary
FaucetSDN Ryu Denial of Service Vulnerability
Details

An issue was discovered in OFPQueueGetConfigReply in parser.py in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ryu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.34"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-11T22:03:46Z",
    "nvd_published_at": "2023-08-11T14:15:11Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in `OFPQueueGetConfigReply` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).",
  "id": "GHSA-5x64-925v-h4gv",
  "modified": "2023-08-18T15:48:16Z",
  "published": "2023-08-11T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35141"
    },
    {
      "type": "WEB",
      "url": "https://github.com/faucetsdn/ryu/issues/118"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/faucetsdn/ryu"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "FaucetSDN Ryu Denial of Service Vulnerability"
}

GHSA-5XQP-7G33-7HX3

Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12
VLAI
Details

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19840"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-04T09:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
  "id": "GHSA-5xqp-7g33-7hx3",
  "modified": "2022-05-13T01:12:10Z",
  "published": "2022-05-13T01:12:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19840"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dbry/WavPack/issues/53"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Dec/37"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-19"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3839-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XQR-GRQ4-QWGX

Vulnerability from github – Published: 2018-10-17 00:04 – Updated: 2022-11-17 18:39
VLAI
Summary
Junrar vulnerable to Infinite Loop
Details

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.github.junrar:junrar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-12418"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:17:41Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.",
  "id": "GHSA-5xqr-grq4-qwgx",
  "modified": "2022-11-17T18:39:50Z",
  "published": "2018-10-17T00:04:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12418"
    },
    {
      "type": "WEB",
      "url": "https://github.com/junrar/junrar/pull/8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-5xqr-grq4-qwgx"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/junrar/junrar"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Junrar vulnerable to Infinite Loop"
}

GHSA-636H-F5G9-P45X

Vulnerability from github – Published: 2022-05-01 07:38 – Updated: 2022-05-01 07:38
VLAI
Details

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2006-6499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-12-20T01:28:00Z",
    "severity": "MODERATE"
  },
  "details": "The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.",
  "id": "GHSA-636h-f5g9-p45x",
  "modified": "2022-05-01T07:38:40Z",
  "published": "2022-05-01T07:38:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6499"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23282"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23420"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23422"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23545"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23589"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23591"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23614"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23672"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23692"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23988"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24078"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24390"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017398"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017405"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017406"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1253"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1258"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1265"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/427972"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21668"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-398-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-398-2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-400-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/5068"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1124"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-63P4-W7WR-6HXG

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35
VLAI
Details

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-11T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.",
  "id": "GHSA-63p4-w7wr-6hxg",
  "modified": "2022-05-24T17:35:59Z",
  "published": "2022-05-24T17:35:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13986"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/815128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-649X-HXFX-57J2

Vulnerability from github – Published: 2024-05-08 14:32 – Updated: 2024-05-10 21:33
VLAI
Summary
Vitess vulnerable to infinite memory consumption and vtgate crash
Details

Summary

When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM.

Details

When running the following query, the evalengine will try evaluate it and runs forever.

select _utf16 0xFF

The source of the bug lies in the collation logic that we have. The bug applies to all utf16, utf32 and ucs2 encodings. In general, the bug is there for any encoding where the minimal byte length for a single character is more than 1 byte.

The decoding functions for these collations all implement logic like the following to enforce the minimal character length:

https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71

The problem is that all the callers of DecodeRune expect progress by returning the number of bytes consumed. This means that if there's only 1 byte left in an input, it will here return still 0 and the caller(s) don't consume the character.

One example of such a caller is the following:

https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79

The logic here moves forward the pointer in the input []byte but if DecodeRune returns 0 in case of error, it will keep running forever. The OOM happens since it keeps adding the ? as the invalid character to the destination buffer infinitely, growing forever until it runs out of memory.

The fix here would be to always return forward progress also on invalid strings.

There's also a separate bug here that even if progress is guaranteed, select _utf16 0xFF will return the wrong result currently. MySQL will pad here the input when the _utf16 introducer is used with leading 0x00 bytes and then decode to UTF-16, resulting in the output of ÿ here.

PoC

select _utf16 0xFF

Impact

Denial of service attack by triggering unbounded memory usage.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/vitessio/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "19.0.0"
            },
            {
              "fixed": "19.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/vitessio/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "18.0.0"
            },
            {
              "fixed": "18.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/vitessio/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "vitess.io/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.17.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "vitess.io/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.18.0"
            },
            {
              "fixed": "0.18.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "vitess.io/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.19.0"
            },
            {
              "fixed": "0.19.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-08T14:32:32Z",
    "nvd_published_at": "2024-05-08T14:15:08Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nWhen executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will OOM.\n\n### Details\n\nWhen running the following query, the `evalengine` will try evaluate it and runs forever.\n\n```\nselect _utf16 0xFF\n```\n\nThe source of the bug lies in the collation logic that we have. The bug applies to all `utf16`,  `utf32` and `ucs2` encodings.  In general, the bug is there for any encoding where the minimal byte length for a single character is more than 1 byte.\n\nThe decoding functions for these collations all implement logic like the following to enforce the minimal character length:\n\nhttps://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71\n\nThe problem is that all the callers of `DecodeRune` expect progress by returning the number of bytes consumed. This means that if there\u0027s only 1 byte left in an input, it will here return still `0` and the caller(s) don\u0027t consume the character. \n\nOne example of such a caller is the following:\n\nhttps://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79\n\nThe logic here moves forward the pointer in the input `[]byte` but if `DecodeRune` returns `0` in case of error, it will keep running forever. The OOM happens since it keeps adding the `?` as the invalid character to the destination buffer infinitely, growing forever until it runs out of memory.\n\nThe fix here would be to always return forward progress also on invalid strings. \n\nThere\u0027s also a separate bug here that even if progress is guaranteed, `select _utf16 0xFF` will return the wrong result currently. MySQL will pad here the input when the `_utf16` introducer is used with leading `0x00` bytes and then decode to UTF-16, resulting in the output of `\u00ff` here. \n\n### PoC\n\n```\nselect _utf16 0xFF\n```\n\n### Impact\n\nDenial of service attack by triggering unbounded memory usage.",
  "id": "GHSA-649x-hxfx-57j2",
  "modified": "2024-05-10T21:33:14Z",
  "published": "2024-05-08T14:32:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32886"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vitessio/vitess"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Vitess vulnerable to infinite memory consumption and vtgate crash"
}

GHSA-65XW-VW82-R86X

Vulnerability from github – Published: 2026-03-29 15:19 – Updated: 2026-03-30 21:19
VLAI
Summary
XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion
Details

Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/antchfx/xpath"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-29T15:19:45Z",
    "nvd_published_at": "2026-03-26T20:16:12Z",
    "severity": "HIGH"
  },
  "details": "Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as \"1=1\" or \"true()\".",
  "id": "GHSA-65xw-vw82-r86x",
  "modified": "2026-03-30T21:19:36Z",
  "published": "2026-03-29T15:19:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287"
    },
    {
      "type": "WEB",
      "url": "https://github.com/antchfx/xpath/issues/121"
    },
    {
      "type": "WEB",
      "url": "https://github.com/golang/vulndb/issues/4526"
    },
    {
      "type": "WEB",
      "url": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/antchfx/xpath"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2026-4526"
    },
    {
      "type": "WEB",
      "url": "https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion"
}

GHSA-6729-2HP6-XXX8

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a result, the mDNS server hangs after receiving the malicious mDNS packet. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-13T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a result, the mDNS server hangs after receiving the malicious mDNS packet. NOTE: the product\u0027s web site states \"This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products.\"",
  "id": "GHSA-6729-2hp6-xxx8",
  "modified": "2022-05-13T01:23:05Z",
  "published": "2022-05-13T01:23:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9747"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/geekman/tinysvcmdns/issues/11/denial-of-service-vulnerability-infinite"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67RX-HJ63-9H2V

Vulnerability from github – Published: 2023-01-13 03:30 – Updated: 2023-01-23 18:30
VLAI
Details

Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-13T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.",
  "id": "GHSA-67rx-hj63-9h2v",
  "modified": "2023-01-23T18:30:19Z",
  "published": "2023-01-13T03:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48256"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-100"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6976-M887-R48H

Vulnerability from github – Published: 2022-10-14 12:00 – Updated: 2025-05-15 21:31
VLAI
Details

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-14T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.",
  "id": "GHSA-6976-m887-r48h",
  "modified": "2025-05-15T21:31:14Z",
  "published": "2022-10-14T12:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42721"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204060"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230203-0008"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5257"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.