Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1060 vulnerabilities reference this CWE, most recent first.

GHSA-6R93-M2CP-HHMF

Vulnerability from github – Published: 2022-05-21 00:01 – Updated: 2022-05-27 00:00
VLAI
Details

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29028"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-20T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.",
  "id": "GHSA-6r93-m2cp-hhmf",
  "modified": "2022-05-27T00:00:53Z",
  "published": "2022-05-21T00:01:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29028"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6V9C-7CG6-27Q7

Vulnerability from github – Published: 2026-04-29 22:12 – Updated: 2026-04-29 22:12
VLAI
Summary
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer
Details

Summary

A critical Denial of Service (DoS) vulnerability exists in marked@18.0.0. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline (\x09\x0b\n)—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocation, causing the host Node.js application to crash via Memory Exhaustion (OOM).

Details

The vulnerability originates in how marked's block tokenizer handles unexpected whitespace characters.

  1. Tab Character (\x09) Consumption: The space() tokenizer matches standard whitespace using the regex /^(?:[ \t]*(?:\n|$))+/. When parsing the malicious payload (\x09\x0b\n), this rule successfully consumes the initial tab character (\x09).
  2. Vertical Tab (\x0b) Bypass: The remaining input is now \x0b\n. The newline block rule explicitly looks for spaces or standard tabs ([ \t]) followed by a newline. Because the vertical tab is a legacy ASCII character not accounted for in this rule, it fails to match.
  3. Fallback to Text Tokenizer: None of the standard block tokenizers (blockquote, code, heading, etc.) match \x0b\n. As a result, the parser falls through to the text tokenizer (/^[^\n]+/), which matches any character except a newline.
  4. Infinite Recursion: Inside blockTokens(), the text tokenizer creates a text token and subsequently calls inlineTokens() on the exact same content. Inside inlineTokens(), the text rule again matches \x0b\n and recursively calls inlineTokens(). This creates an inescapable cycle: blockTokens() → text token → inlineTokens() → text rule matches → inlineTokens() → ...

With each recursive call allocating new token objects and concatenating strings, memory grows indefinitely until the Node.js heap limit is reached.

Vulnerable Code in lib/marked.esm.js (Lexer class, blockTokens()):

// The text tokenizer triggers infinite recursion
if(r=this.tokenizer.text(e)) {
    e=e.substring(r.raw.length);
    let s=t.at(-1);
    s?.type==="text"?(s.raw+=(s.raw.endsWith("\n")?"":"\n")+r.raw, s.text+="\n"+r.text, this.inlineQueue.pop(), this.inlineQueue.at(-1).src=s.text):t.push(r);
    // ↑ This calls inlineTokens() internally via the text tokenizer, causing the OOM loop
    continue;
}

PoC

This vulnerability can be reproduced using any standard Node.js environment with marked@18.0.0 installed.

  1. Create a file named poc.js with the following content:
const marked = require('marked');

// The vulnerable 3-byte pattern: tab + vertical tab + newline
const vulnerableInput = '\x09\x0b\n';

console.log('Attempting to parse malicious payload...');
try {
    marked.parse(vulnerableInput);
} catch(e) {
    console.log('Error:', e.message);
}
  1. Run the script: node poc.js
  2. Result: The process will hang briefly as memory spikes, ultimately crashing with: FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory.

Impact

This is a High-Severity Denial of Service (DoS) vulnerability via Memory Exhaustion.

Impacted Parties: Any application, API, chatbot, or documentation system using marked@18.0.0 (and potentially earlier versions) to parse untrusted user input is vulnerable.

Because the payload requires zero authentication and only 3 bytes of data, it requires virtually no resources from the attacker to remotely crash the service and achieve a total loss of availability for the targeted application.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 18.0.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "marked"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "18.0.0"
            },
            {
              "fixed": "18.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41680"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-674",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T22:12:20Z",
    "nvd_published_at": "2026-04-24T18:16:29Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA critical Denial of Service (DoS) vulnerability exists in `marked@18.0.0`. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline (`\\x09\\x0b\\n`)\u2014an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocation, causing the host Node.js application to crash via Memory Exhaustion (OOM). \n\n### Details\nThe vulnerability originates in how `marked`\u0027s block tokenizer handles unexpected whitespace characters. \n\n1. **Tab Character (`\\x09`) Consumption**: The `space()` tokenizer matches standard whitespace using the regex `/^(?:[ \\t]*(?:\\n|$))+/`. When parsing the malicious payload (`\\x09\\x0b\\n`), this rule successfully consumes the initial tab character (`\\x09`).\n2. **Vertical Tab (`\\x0b`) Bypass**: The remaining input is now `\\x0b\\n`. The newline block rule explicitly looks for spaces or standard tabs (`[ \\t]`) followed by a newline. Because the vertical tab is a legacy ASCII character not accounted for in this rule, it fails to match.\n3. **Fallback to Text Tokenizer**: None of the standard block tokenizers (blockquote, code, heading, etc.) match `\\x0b\\n`. As a result, the parser falls through to the `text` tokenizer (`/^[^\\n]+/`), which matches any character except a newline.\n4. **Infinite Recursion**: Inside `blockTokens()`, the `text` tokenizer creates a text token and subsequently calls `inlineTokens()` on the exact same content. Inside `inlineTokens()`, the text rule again matches `\\x0b\\n` and recursively calls `inlineTokens()`. This creates an inescapable cycle: `blockTokens() \u2192 text token \u2192 inlineTokens() \u2192 text rule matches \u2192 inlineTokens() \u2192 ...`\n\nWith each recursive call allocating new token objects and concatenating strings, memory grows indefinitely until the Node.js heap limit is reached.\n\n**Vulnerable Code in `lib/marked.esm.js` (Lexer class, `blockTokens()`):**\n```javascript\n// The text tokenizer triggers infinite recursion\nif(r=this.tokenizer.text(e)) {\n    e=e.substring(r.raw.length);\n    let s=t.at(-1);\n    s?.type===\"text\"?(s.raw+=(s.raw.endsWith(\"\\n\")?\"\":\"\\n\")+r.raw, s.text+=\"\\n\"+r.text, this.inlineQueue.pop(), this.inlineQueue.at(-1).src=s.text):t.push(r);\n    // \u2191 This calls inlineTokens() internally via the text tokenizer, causing the OOM loop\n    continue;\n}\n```\n\n### PoC\nThis vulnerability can be reproduced using any standard Node.js environment with `marked@18.0.0` installed.\n\n1. Create a file named `poc.js` with the following content:\n```javascript\nconst marked = require(\u0027marked\u0027);\n\n// The vulnerable 3-byte pattern: tab + vertical tab + newline\nconst vulnerableInput = \u0027\\x09\\x0b\\n\u0027;\n\nconsole.log(\u0027Attempting to parse malicious payload...\u0027);\ntry {\n    marked.parse(vulnerableInput);\n} catch(e) {\n    console.log(\u0027Error:\u0027, e.message);\n}\n```\n2. Run the script: `node poc.js`\n3. **Result:** The process will hang briefly as memory spikes, ultimately crashing with: `FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory`.\n\n### Impact\nThis is a High-Severity Denial of Service (DoS) vulnerability via Memory Exhaustion. \n\n**Impacted Parties:** Any application, API, chatbot, or documentation system using `marked@18.0.0` (and potentially earlier versions) to parse untrusted user input is vulnerable. \n\nBecause the payload requires zero authentication and only 3 bytes of data, it requires virtually no resources from the attacker to remotely crash the service and achieve a total loss of availability for the targeted application.",
  "id": "GHSA-6v9c-7cg6-27q7",
  "modified": "2026-04-29T22:12:20Z",
  "published": "2026-04-29T22:12:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/markedjs/marked/security/advisories/GHSA-6v9c-7cg6-27q7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41680"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/markedjs/marked"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer"
}

GHSA-6V9F-3XW7-VJJ9

Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-27 00:00
VLAI
Details

A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-23T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine",
  "id": "GHSA-6v9f-3xw7-vjj9",
  "modified": "2022-09-27T00:00:14Z",
  "published": "2022-09-25T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28886"
    },
    {
      "type": "WEB",
      "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.withsecure.com/en/support/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6VWG-GM7P-4529

Vulnerability from github – Published: 2025-10-11 00:30 – Updated: 2025-10-11 00:30
VLAI
Details

MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11626"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-10T23:15:35Z",
    "severity": "MODERATE"
  },
  "details": "MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service",
  "id": "GHSA-6vwg-gm7p-4529",
  "modified": "2025-10-11T00:30:17Z",
  "published": "2025-10-11T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11626"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/20724"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2025-04.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6VX5-8RXP-JW26

Vulnerability from github – Published: 2022-12-07 21:30 – Updated: 2022-12-12 18:30
VLAI
Details

qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-07T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).",
  "id": "GHSA-6vx5-8rxp-jw26",
  "modified": "2022-12-12T18:30:29Z",
  "published": "2022-12-07T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46770"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mirage/qubes-mirage-firewall/issues/166"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/171610/Qubes-Mirage-Firewall-0.8.3-Denial-Of-Service.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6W5V-VMWV-XCWJ

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.",
  "id": "GHSA-6w5v-vmwv-xcwj",
  "modified": "2022-05-24T17:40:16Z",
  "published": "2022-05-24T17:40:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36227"
    },
    {
      "type": "WEB",
      "url": "https://bugs.openldap.org/show_bug.cgi?id=9428"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210226-0002"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212530"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212531"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4845"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/64"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/65"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6W7H-3CWX-M3MP

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2025-11-04 00:30
VLAI
Details

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:45:18Z",
    "severity": "MODERATE"
  },
  "details": "MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file",
  "id": "GHSA-6w7h-3cwx-m3mp",
  "modified": "2025-11-04T00:30:48Z",
  "published": "2024-05-14T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4854"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19726"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/15047"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/15499"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2024-07.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6WF9-JMG9-VXCC

Vulnerability from github – Published: 2021-08-25 14:48 – Updated: 2022-02-08 20:59
VLAI
Summary
XStream can cause a Denial of Service
Details

Impact

The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.

Patches

XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

Workarounds

See workarounds for the different versions covering all CVEs.

References

See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for CVE-2021-39140.

Credits

The vulnerability was discovered and reported by Lai Han of nsfocus security team.

For more information

If you have any questions or comments about this advisory: * Open an issue in XStream * Contact us at XStream Google Group

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.thoughtworks.xstream:xstream"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-39140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-23T18:22:01Z",
    "nvd_published_at": "2021-08-23T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream\u0027s documentation for [CVE-2021-39140](https://x-stream.github.io/CVE-2021-39140.html).\n\n### Credits\nThe vulnerability was discovered and reported by Lai Han of nsfocus security team.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n",
  "id": "GHSA-6wf9-jmg9-vxcc",
  "modified": "2022-02-08T20:59:06Z",
  "published": "2021-08-25T14:48:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39140"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/x-stream/xstream"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210923-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5004"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "type": "WEB",
      "url": "https://x-stream.github.io/CVE-2021-39140.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XStream can cause a Denial of Service"
}

GHSA-6XGJ-C5FX-5V57

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 16:17
VLAI
Summary
DB-GPT Uncontrolled Resource Consumption vulnerability
Details

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "dbgpt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-10829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-21T16:17:52Z",
    "nvd_published_at": "2025-03-20T10:15:20Z",
    "severity": "HIGH"
  },
  "details": "A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests.",
  "id": "GHSA-6xgj-c5fx-5v57",
  "modified": "2025-03-21T16:17:52Z",
  "published": "2025-03-20T12:32:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10829"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eosphoros-ai/DB-GPT"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/e3a4a0ad-a2e0-497f-a2e0-e3c0ec7c4de4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DB-GPT Uncontrolled Resource Consumption vulnerability"
}

GHSA-6XVV-489Q-R47W

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53
VLAI
Details

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-23T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.",
  "id": "GHSA-6xvv-489q-r47w",
  "modified": "2022-05-13T01:53:21Z",
  "published": "2022-05-13T01:53:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7330"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.