CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1057 vulnerabilities reference this CWE, most recent first.
GHSA-MHHC-Q96P-MFM9
Vulnerability from github – Published: 2021-08-25 14:39 – Updated: 2024-11-13 21:20Impact
The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition:
for (int i = 0; i < effective_dims;) {
if ((1 << i) & op_context->params->ellipsis_mask) {
// ...
int ellipsis_end_idx =
std::min(i + 1 + num_add_axis + op_context->input_dims - begin_count,
effective_dims);
// ...
for (; i < ellipsis_end_idx; ++i) {
// ...
}
continue;
}
// ...
++i;
}
An attacker can craft a model such that ellipsis_end_idx is smaller than i (e.g., always negative). In this case, the inner loop does not increase i and the continue statement causes execution to skip over the preincrement at the end of the outer loop.
Patches
We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695.
The fix will be included in TensorFlow 2.6.0. This is the only affected version.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0rc0"
},
{
"fixed": "2.6.0rc2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0rc0"
},
{
"fixed": "2.6.0rc2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0rc0"
},
{
"fixed": "2.6.0rc2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-37686"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-24T17:54:33Z",
"nvd_published_at": "2021-08-12T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-L122):\n\n```cc\n for (int i = 0; i \u003c effective_dims;) {\n if ((1 \u003c\u003c i) \u0026 op_context-\u003eparams-\u003eellipsis_mask) {\n // ...\n int ellipsis_end_idx =\n std::min(i + 1 + num_add_axis + op_context-\u003einput_dims - begin_count,\n effective_dims);\n // ...\n for (; i \u003c ellipsis_end_idx; ++i) {\n // ...\n }\n continue;\n }\n // ...\n ++i;\n }\n```\n\nAn attacker can craft a model such that `ellipsis_end_idx` is smaller than `i` (e.g., always negative). In this case, the inner loop does not increase `i` and the `continue` statement causes execution to skip over the preincrement at the end of the outer loop.\n\n### Patches\nWe have patched the issue in GitHub commit [dfa22b348b70bb89d6d6ec0ff53973bacb4f4695](https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695).\n\nThe fix will be included in TensorFlow 2.6.0. This is the only affected version.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-mhhc-q96p-mfm9",
"modified": "2024-11-13T21:20:55Z",
"published": "2021-08-25T14:39:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mhhc-q96p-mfm9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37686"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-599.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-797.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-308.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.4"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.4.3"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.5.1"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Infinite loop in TFLite"
}
GHSA-MHXJ-85R3-2X55
Vulnerability from github – Published: 2022-07-22 00:00 – Updated: 2022-08-16 15:42An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when used on a web server.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "file-type"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "16.5.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "file-type"
},
"ranges": [
{
"events": [
{
"introduced": "17.0.0"
},
{
"fixed": "17.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-36313"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-22T20:26:05Z",
"nvd_published_at": "2022-07-21T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when used on a web server.",
"id": "GHSA-mhxj-85r3-2x55",
"modified": "2022-08-16T15:42:27Z",
"published": "2022-07-22T00:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36313"
},
{
"type": "WEB",
"url": "https://github.com/sindresorhus/file-type/commit/2c4d1200c99dffb7d515b9b9951ef43c22bf7e47"
},
{
"type": "WEB",
"url": "https://github.com/sindresorhus/file-type/commit/8f981c32e2750d2516457e305e502ee2ad715759#diff-c853b2249e99790d8725774cf63c90c5ab17112067df6e267f3701d7bf591d12"
},
{
"type": "WEB",
"url": "https://github.com/sindresorhus/file-type/commit/d86835680f4cccbee1a60628783c36700ec9e254"
},
{
"type": "PACKAGE",
"url": "https://github.com/sindresorhus/file-type"
},
{
"type": "WEB",
"url": "https://github.com/sindresorhus/file-type/compare/v12.4.2...v13.0.0#diff-c853b2249e99790d8725774cf63c90c5ab17112067df6e267f3701d7bf591d12R611-R613"
},
{
"type": "WEB",
"url": "https://github.com/sindresorhus/file-type/releases/tag/v16.5.4"
},
{
"type": "WEB",
"url": "https://github.com/sindresorhus/file-type/releases/tag/v17.1.3"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220909-0005"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-FILETYPE-2958042"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/file-type"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "file-type vulnerable to Infinite Loop via malformed MKV file"
}
GHSA-MMFW-8C89-FJJ3
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2018-18915"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-03T04:29:00Z",
"severity": "MODERATE"
},
"details": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.",
"id": "GHSA-mmfw-8c89-fjj3",
"modified": "2022-05-13T01:50:46Z",
"published": "2022-05-13T01:50:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18915"
},
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/issues/511"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMJF-F5JW-W72Q
Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2022-09-19 21:58Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl-src"
},
"ranges": [
{
"events": [
{
"introduced": "300.0.0"
},
{
"fixed": "300.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-4044"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-17T00:01:23Z",
"nvd_published_at": "2021-12-14T19:15:00Z",
"severity": "HIGH"
},
"details": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).",
"id": "GHSA-mmjf-f5jw-w72q",
"modified": "2022-09-19T21:58:21Z",
"published": "2021-12-15T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0129.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211229-0003"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20211214.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Invalid handling of `X509_verify_cert()` internal errors in libssl"
}
GHSA-MP4C-W7J9-95F4
Vulnerability from github – Published: 2023-01-12 06:30 – Updated: 2025-11-04 00:30Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2022-4345"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-mp4c-w7j9-95f4",
"modified": "2025-11-04T00:30:35Z",
"published": "2023-01-12T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4345"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4345.json"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2022-09.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPF2-Q34C-FC6J
Vulnerability from github – Published: 2019-07-22 14:53 – Updated: 2024-10-22 16:40scapy is affected by a Denial of Service vulnerability resulting in an infinite loop and resource consumption rendering the program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is over the network or in a pcap. both work.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "scapy"
},
"ranges": [
{
"events": [
{
"introduced": "2.4-rc1"
},
{
"fixed": "2.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-1010142"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2019-07-22T14:21:26Z",
"nvd_published_at": "2019-07-19T16:15:00Z",
"severity": "HIGH"
},
"details": "scapy is affected by a Denial of Service vulnerability resulting in an infinite loop and resource consumption rendering the program unresponsive. The component is: `_RADIUSAttrPacketListField.getfield(self..)`. The attack vector is over the network or in a pcap. both work.",
"id": "GHSA-mpf2-q34c-fc6j",
"modified": "2024-10-22T16:40:01Z",
"published": "2019-07-22T14:53:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010142"
},
{
"type": "WEB",
"url": "https://github.com/secdev/scapy/pull/1409"
},
{
"type": "WEB",
"url": "https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/scapy/PYSEC-2019-120.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/secdev/scapy"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN"
},
{
"type": "WEB",
"url": "https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite Loop in scapy"
}
GHSA-MPFH-94P7-8328
Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2026-01-30 12:31In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix RCU stall while reaping monitor destination ring
While processing the monitor destination ring, MSDUs are reaped from the link descriptor based on the corresponding buf_id.
However, sometimes the driver cannot obtain a valid buffer corresponding to the buf_id received from the hardware. This causes an infinite loop in the destination processing, resulting in a kernel crash.
kernel log: ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed
Fix this by skipping the problematic buf_id and reaping the next entry, replacing the break with the next MSDU processing.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
{
"affected": [],
"aliases": [
"CVE-2024-58097"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T15:15:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"id": "GHSA-mpfh-94p7-8328",
"modified": "2026-01-30T12:31:20Z",
"published": "2025-04-16T15:34:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58097"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8db5de0cf02fccf4c759aa58edbe65659daf607c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f1a002f0171d27f3554e529f3c70df438f05dfe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQR3-725G-5QGW
Vulnerability from github – Published: 2022-05-17 02:01 – Updated: 2025-04-11 03:44avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
{
"affected": [],
"aliases": [
"CVE-2011-1002"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-02-22T19:00:00Z",
"severity": "MODERATE"
},
"details": "avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.",
"id": "GHSA-mqr3-725g-5qgw",
"modified": "2025-04-11T03:44:21Z",
"published": "2022-05-17T02:01:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1002"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2011:0436"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2011:0779"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2011-1002"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667187"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65524"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65525"
},
{
"type": "WEB",
"url": "http://avahi.org/ticket/325"
},
{
"type": "WEB",
"url": "http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6"
},
{
"type": "WEB",
"url": "http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/02/18/1"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/02/18/4"
},
{
"type": "WEB",
"url": "http://osvdb.org/70948"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43361"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43465"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43605"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43673"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44131"
},
{
"type": "WEB",
"url": "http://ubuntu.com/usn/usn-1084-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2174"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:037"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/02/22/9"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0436.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0779.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46446"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0448"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0499"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0511"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0565"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0601"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0670"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0969"
},
{
"type": "WEB",
"url": "http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MRX3-23H7-M29P
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.
{
"affected": [],
"aliases": [
"CVE-2010-3880"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-12-10T19:00:00Z",
"severity": "MODERATE"
},
"details": "net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.",
"id": "GHSA-mrx3-23h7-m29p",
"modified": "2022-05-13T01:23:45Z",
"published": "2022-05-13T01:23:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3880"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=651264"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22e76c849d505d87c5ecf3d3e6742a65f0ff4860"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/11/04/9"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/11/05/3"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42126"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42789"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42890"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/46397"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2126"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/44665"
},
{
"type": "WEB",
"url": "http://www.spinics.net/lists/netdev/msg145899.html"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0024"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MWCW-C2X4-8C55
Vulnerability from github – Published: 2024-12-09 03:30 – Updated: 2025-11-04 16:54When nanoid is called with a fractional value, there were a number of undesirable effects:
- in browser and non-secure, the code infinite loops on while (size--)
- in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
- if the first call in node is a fractional argument, the initial buffer allocation fails with an error
Version 3.3.8 and 5.0.9 are fixed.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nanoid"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "5.0.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "nanoid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-55565"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-09T22:42:43Z",
"nvd_published_at": "2024-12-09T02:15:19Z",
"severity": "MODERATE"
},
"details": "When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n1. in browser and non-secure, the code infinite loops on while (size--)\n2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled\n3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nVersion 3.3.8 and 5.0.9 are fixed.",
"id": "GHSA-mwcw-c2x4-8c55",
"modified": "2025-11-04T16:54:54Z",
"published": "2024-12-09T03:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"type": "WEB",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"type": "PACKAGE",
"url": "https://github.com/ai/nanoid"
},
{
"type": "WEB",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"type": "WEB",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Predictable results in nanoid generation when given non-integer values"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.