CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1060 vulnerabilities reference this CWE, most recent first.
GHSA-5X64-925V-H4GV
Vulnerability from github – Published: 2023-08-11 15:30 – Updated: 2023-08-18 15:48An issue was discovered in OFPQueueGetConfigReply in parser.py in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ryu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.34"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35141"
],
"database_specific": {
"cwe_ids": [
"CWE-770",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-11T22:03:46Z",
"nvd_published_at": "2023-08-11T14:15:11Z",
"severity": "HIGH"
},
"details": "An issue was discovered in `OFPQueueGetConfigReply` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).",
"id": "GHSA-5x64-925v-h4gv",
"modified": "2023-08-18T15:48:16Z",
"published": "2023-08-11T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35141"
},
{
"type": "WEB",
"url": "https://github.com/faucetsdn/ryu/issues/118"
},
{
"type": "PACKAGE",
"url": "https://github.com/faucetsdn/ryu"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "FaucetSDN Ryu Denial of Service Vulnerability"
}
GHSA-5XQP-7G33-7HX3
Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
{
"affected": [],
"aliases": [
"CVE-2018-19840"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-04T09:29:00Z",
"severity": "MODERATE"
},
"details": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
"id": "GHSA-5xqp-7g33-7hx3",
"modified": "2022-05-13T01:12:10Z",
"published": "2022-05-13T01:12:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19840"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/issues/53"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3839-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XQR-GRQ4-QWGX
Vulnerability from github – Published: 2018-10-17 00:04 – Updated: 2022-11-17 18:39Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.github.junrar:junrar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-12418"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:17:41Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.",
"id": "GHSA-5xqr-grq4-qwgx",
"modified": "2022-11-17T18:39:50Z",
"published": "2018-10-17T00:04:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12418"
},
{
"type": "WEB",
"url": "https://github.com/junrar/junrar/pull/8"
},
{
"type": "WEB",
"url": "https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5xqr-grq4-qwgx"
},
{
"type": "PACKAGE",
"url": "https://github.com/junrar/junrar"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Junrar vulnerable to Infinite Loop"
}
GHSA-636H-F5G9-P45X
Vulnerability from github – Published: 2022-05-01 07:38 – Updated: 2022-05-01 07:38The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
{
"affected": [],
"aliases": [
"CVE-2006-6499"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-12-20T01:28:00Z",
"severity": "MODERATE"
},
"details": "The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.",
"id": "GHSA-636h-f5g9-p45x",
"modified": "2022-05-01T07:38:40Z",
"published": "2022-05-01T07:38:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6499"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23282"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23420"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23422"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23545"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23589"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23591"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23614"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23672"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23692"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23988"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24078"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24390"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1017398"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1017405"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1017406"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1253"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1258"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1265"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/427972"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/21668"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-398-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-398-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-400-1"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/5068"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1124"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0083"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-63P4-W7WR-6HXG
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.
{
"affected": [],
"aliases": [
"CVE-2020-13986"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-11T22:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.",
"id": "GHSA-63p4-w7wr-6hxg",
"modified": "2022-05-24T17:35:59Z",
"published": "2022-05-24T17:35:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13986"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/815128"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-649X-HXFX-57J2
Vulnerability from github – Published: 2024-05-08 14:32 – Updated: 2024-05-10 21:33Summary
When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM.
Details
When running the following query, the evalengine will try evaluate it and runs forever.
select _utf16 0xFF
The source of the bug lies in the collation logic that we have. The bug applies to all utf16, utf32 and ucs2 encodings. In general, the bug is there for any encoding where the minimal byte length for a single character is more than 1 byte.
The decoding functions for these collations all implement logic like the following to enforce the minimal character length:
https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71
The problem is that all the callers of DecodeRune expect progress by returning the number of bytes consumed. This means that if there's only 1 byte left in an input, it will here return still 0 and the caller(s) don't consume the character.
One example of such a caller is the following:
https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79
The logic here moves forward the pointer in the input []byte but if DecodeRune returns 0 in case of error, it will keep running forever. The OOM happens since it keeps adding the ? as the invalid character to the destination buffer infinitely, growing forever until it runs out of memory.
The fix here would be to always return forward progress also on invalid strings.
There's also a separate bug here that even if progress is guaranteed, select _utf16 0xFF will return the wrong result currently. MySQL will pad here the input when the _utf16 introducer is used with leading 0x00 bytes and then decode to UTF-16, resulting in the output of ÿ here.
PoC
select _utf16 0xFF
Impact
Denial of service attack by triggering unbounded memory usage.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/vitessio/vitess"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0"
},
{
"fixed": "19.0.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/vitessio/vitess"
},
"ranges": [
{
"events": [
{
"introduced": "18.0.0"
},
{
"fixed": "18.0.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/vitessio/vitess"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "vitess.io/vitess"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.17.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "vitess.io/vitess"
},
"ranges": [
{
"events": [
{
"introduced": "0.18.0"
},
{
"fixed": "0.18.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "vitess.io/vitess"
},
"ranges": [
{
"events": [
{
"introduced": "0.19.0"
},
{
"fixed": "0.19.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-32886"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-08T14:32:32Z",
"nvd_published_at": "2024-05-08T14:15:08Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nWhen executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will OOM.\n\n### Details\n\nWhen running the following query, the `evalengine` will try evaluate it and runs forever.\n\n```\nselect _utf16 0xFF\n```\n\nThe source of the bug lies in the collation logic that we have. The bug applies to all `utf16`, `utf32` and `ucs2` encodings. In general, the bug is there for any encoding where the minimal byte length for a single character is more than 1 byte.\n\nThe decoding functions for these collations all implement logic like the following to enforce the minimal character length:\n\nhttps://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71\n\nThe problem is that all the callers of `DecodeRune` expect progress by returning the number of bytes consumed. This means that if there\u0027s only 1 byte left in an input, it will here return still `0` and the caller(s) don\u0027t consume the character. \n\nOne example of such a caller is the following:\n\nhttps://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79\n\nThe logic here moves forward the pointer in the input `[]byte` but if `DecodeRune` returns `0` in case of error, it will keep running forever. The OOM happens since it keeps adding the `?` as the invalid character to the destination buffer infinitely, growing forever until it runs out of memory.\n\nThe fix here would be to always return forward progress also on invalid strings. \n\nThere\u0027s also a separate bug here that even if progress is guaranteed, `select _utf16 0xFF` will return the wrong result currently. MySQL will pad here the input when the `_utf16` introducer is used with leading `0x00` bytes and then decode to UTF-16, resulting in the output of `\u00ff` here. \n\n### PoC\n\n```\nselect _utf16 0xFF\n```\n\n### Impact\n\nDenial of service attack by triggering unbounded memory usage.",
"id": "GHSA-649x-hxfx-57j2",
"modified": "2024-05-10T21:33:14Z",
"published": "2024-05-08T14:32:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32886"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
},
{
"type": "PACKAGE",
"url": "https://github.com/vitessio/vitess"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Vitess vulnerable to infinite memory consumption and vtgate crash"
}
GHSA-65XW-VW82-R86X
Vulnerability from github – Published: 2026-03-29 15:19 – Updated: 2026-03-30 21:19Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/antchfx/xpath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32287"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-29T15:19:45Z",
"nvd_published_at": "2026-03-26T20:16:12Z",
"severity": "HIGH"
},
"details": "Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as \"1=1\" or \"true()\".",
"id": "GHSA-65xw-vw82-r86x",
"modified": "2026-03-30T21:19:36Z",
"published": "2026-03-29T15:19:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287"
},
{
"type": "WEB",
"url": "https://github.com/antchfx/xpath/issues/121"
},
{
"type": "WEB",
"url": "https://github.com/golang/vulndb/issues/4526"
},
{
"type": "WEB",
"url": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494"
},
{
"type": "PACKAGE",
"url": "https://github.com/antchfx/xpath"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4526"
},
{
"type": "WEB",
"url": "https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion"
}
GHSA-6729-2HP6-XXX8
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a result, the mDNS server hangs after receiving the malicious mDNS packet. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products."
{
"affected": [],
"aliases": [
"CVE-2019-9747"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-13T19:29:00Z",
"severity": "HIGH"
},
"details": "In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a result, the mDNS server hangs after receiving the malicious mDNS packet. NOTE: the product\u0027s web site states \"This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products.\"",
"id": "GHSA-6729-2hp6-xxx8",
"modified": "2022-05-13T01:23:05Z",
"published": "2022-05-13T01:23:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9747"
},
{
"type": "WEB",
"url": "https://bitbucket.org/geekman/tinysvcmdns/issues/11/denial-of-service-vulnerability-infinite"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-67RX-HJ63-9H2V
Vulnerability from github – Published: 2023-01-13 03:30 – Updated: 2023-01-23 18:30Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.
{
"affected": [],
"aliases": [
"CVE-2022-48256"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-13T01:15:00Z",
"severity": "HIGH"
},
"details": "Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.",
"id": "GHSA-67rx-hj63-9h2v",
"modified": "2023-01-23T18:30:19Z",
"published": "2023-01-13T03:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48256"
},
{
"type": "WEB",
"url": "https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-100"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6976-M887-R48H
Vulnerability from github – Published: 2022-10-14 12:00 – Updated: 2025-05-15 21:31A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
{
"affected": [],
"aliases": [
"CVE-2022-42721"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T00:15:00Z",
"severity": "MODERATE"
},
"details": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.",
"id": "GHSA-6976-m887-r48h",
"modified": "2025-05-15T21:31:14Z",
"published": "2022-10-14T12:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42721"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1204060"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230203-0008"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5257"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.