Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1057 vulnerabilities reference this CWE, most recent first.

GHSA-MHHC-Q96P-MFM9

Vulnerability from github – Published: 2021-08-25 14:39 – Updated: 2024-11-13 21:20
VLAI
Summary
Infinite loop in TFLite
Details

Impact

The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition:

  for (int i = 0; i < effective_dims;) {
    if ((1 << i) & op_context->params->ellipsis_mask) {
      // ...
      int ellipsis_end_idx =
          std::min(i + 1 + num_add_axis + op_context->input_dims - begin_count,
                   effective_dims);
      // ...
      for (; i < ellipsis_end_idx; ++i) {
        // ...
      }
      continue;
    }
    // ...
    ++i;
  }

An attacker can craft a model such that ellipsis_end_idx is smaller than i (e.g., always negative). In this case, the inner loop does not increase i and the continue statement causes execution to skip over the preincrement at the end of the outer loop.

Patches

We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695.

The fix will be included in TensorFlow 2.6.0. This is the only affected version.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0rc0"
            },
            {
              "fixed": "2.6.0rc2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0rc0"
            },
            {
              "fixed": "2.6.0rc2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0rc0"
            },
            {
              "fixed": "2.6.0rc2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37686"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-24T17:54:33Z",
    "nvd_published_at": "2021-08-12T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-L122):\n\n```cc\n  for (int i = 0; i \u003c effective_dims;) {\n    if ((1 \u003c\u003c i) \u0026 op_context-\u003eparams-\u003eellipsis_mask) {\n      // ...\n      int ellipsis_end_idx =\n          std::min(i + 1 + num_add_axis + op_context-\u003einput_dims - begin_count,\n                   effective_dims);\n      // ...\n      for (; i \u003c ellipsis_end_idx; ++i) {\n        // ...\n      }\n      continue;\n    }\n    // ...\n    ++i;\n  }\n```\n\nAn attacker can craft a model such that `ellipsis_end_idx` is smaller than `i` (e.g., always negative). In this case, the inner loop does not increase `i` and the `continue` statement causes execution to skip over the preincrement at the end of the outer loop.\n\n### Patches\nWe have patched the issue in GitHub commit [dfa22b348b70bb89d6d6ec0ff53973bacb4f4695](https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695).\n\nThe fix will be included in TensorFlow 2.6.0. This is the only affected version.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-mhhc-q96p-mfm9",
  "modified": "2024-11-13T21:20:55Z",
  "published": "2021-08-25T14:39:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mhhc-q96p-mfm9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37686"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-599.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-797.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-308.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.4.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.5.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Infinite loop in TFLite"
}

GHSA-MHXJ-85R3-2X55

Vulnerability from github – Published: 2022-07-22 00:00 – Updated: 2022-08-16 15:42
VLAI
Summary
file-type vulnerable to Infinite Loop via malformed MKV file
Details

An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when used on a web server.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "file-type"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "13.0.0"
            },
            {
              "fixed": "16.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "file-type"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "17.0.0"
            },
            {
              "fixed": "17.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-36313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-22T20:26:05Z",
    "nvd_published_at": "2022-07-21T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when used on a web server.",
  "id": "GHSA-mhxj-85r3-2x55",
  "modified": "2022-08-16T15:42:27Z",
  "published": "2022-07-22T00:00:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36313"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/file-type/commit/2c4d1200c99dffb7d515b9b9951ef43c22bf7e47"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/file-type/commit/8f981c32e2750d2516457e305e502ee2ad715759#diff-c853b2249e99790d8725774cf63c90c5ab17112067df6e267f3701d7bf591d12"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/file-type/commit/d86835680f4cccbee1a60628783c36700ec9e254"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sindresorhus/file-type"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/file-type/compare/v12.4.2...v13.0.0#diff-c853b2249e99790d8725774cf63c90c5ab17112067df6e267f3701d7bf591d12R611-R613"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/file-type/releases/tag/v16.5.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/file-type/releases/tag/v17.1.3"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220909-0005"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-FILETYPE-2958042"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/file-type"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "file-type vulnerable to Infinite Loop via malformed MKV file"
}

GHSA-MMFW-8C89-FJJ3

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-03T04:29:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.",
  "id": "GHSA-mmfw-8c89-fjj3",
  "modified": "2022-05-13T01:50:46Z",
  "published": "2022-05-13T01:50:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18915"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Exiv2/exiv2/issues/511"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2101"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MMJF-F5JW-W72Q

Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2022-09-19 21:58
VLAI
Summary
Invalid handling of `X509_verify_cert()` internal errors in libssl
Details

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "openssl-src"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "300.0.0"
            },
            {
              "fixed": "300.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-4044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-17T00:01:23Z",
    "nvd_published_at": "2021-12-14T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).",
  "id": "GHSA-mmjf-f5jw-w72q",
  "modified": "2022-09-19T21:58:21Z",
  "published": "2021-12-15T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0129.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20211229-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv/20211214.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Invalid handling of `X509_verify_cert()` internal errors in libssl"
}

GHSA-MP4C-W7J9-95F4

Vulnerability from github – Published: 2023-01-12 06:30 – Updated: 2025-11-04 00:30
VLAI
Details

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4345"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-12T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file",
  "id": "GHSA-mp4c-w7j9-95f4",
  "modified": "2025-11-04T00:30:35Z",
  "published": "2023-01-12T06:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4345"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4345.json"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2022-09.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPF2-Q34C-FC6J

Vulnerability from github – Published: 2019-07-22 14:53 – Updated: 2024-10-22 16:40
VLAI
Summary
Infinite Loop in scapy
Details

scapy is affected by a Denial of Service vulnerability resulting in an infinite loop and resource consumption rendering the program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is over the network or in a pcap. both work.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "scapy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4-rc1"
            },
            {
              "fixed": "2.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-1010142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-07-22T14:21:26Z",
    "nvd_published_at": "2019-07-19T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "scapy is affected by a Denial of Service vulnerability resulting in an infinite loop and resource consumption rendering the program unresponsive. The component is: `_RADIUSAttrPacketListField.getfield(self..)`. The attack vector is over the network or in a pcap. both work.",
  "id": "GHSA-mpf2-q34c-fc6j",
  "modified": "2024-10-22T16:40:01Z",
  "published": "2019-07-22T14:53:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010142"
    },
    {
      "type": "WEB",
      "url": "https://github.com/secdev/scapy/pull/1409"
    },
    {
      "type": "WEB",
      "url": "https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/scapy/PYSEC-2019-120.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/secdev/scapy"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN"
    },
    {
      "type": "WEB",
      "url": "https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Infinite Loop in scapy"
}

GHSA-MPFH-94P7-8328

Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2026-01-30 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: fix RCU stall while reaping monitor destination ring

While processing the monitor destination ring, MSDUs are reaped from the link descriptor based on the corresponding buf_id.

However, sometimes the driver cannot obtain a valid buffer corresponding to the buf_id received from the hardware. This causes an infinite loop in the destination processing, resulting in a kernel crash.

kernel log: ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed

Fix this by skipping the problematic buf_id and reaping the next entry, replacing the break with the next MSDU processing.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T15:15:53Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
  "id": "GHSA-mpfh-94p7-8328",
  "modified": "2026-01-30T12:31:20Z",
  "published": "2025-04-16T15:34:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58097"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8db5de0cf02fccf4c759aa58edbe65659daf607c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f1a002f0171d27f3554e529f3c70df438f05dfe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQR3-725G-5QGW

Vulnerability from github – Published: 2022-05-17 02:01 – Updated: 2025-04-11 03:44
VLAI
Details

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-1002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-02-22T19:00:00Z",
    "severity": "MODERATE"
  },
  "details": "avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.",
  "id": "GHSA-mqr3-725g-5qgw",
  "modified": "2025-04-11T03:44:21Z",
  "published": "2022-05-17T02:01:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1002"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:0436"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:0779"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2011-1002"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667187"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65524"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65525"
    },
    {
      "type": "WEB",
      "url": "http://avahi.org/ticket/325"
    },
    {
      "type": "WEB",
      "url": "http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6"
    },
    {
      "type": "WEB",
      "url": "http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/02/18/1"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/02/18/4"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/70948"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43361"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43465"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43605"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43673"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44131"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1084-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2174"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:037"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/22/9"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0436.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0779.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46446"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0448"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0499"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0511"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0565"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0601"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0670"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0969"
    },
    {
      "type": "WEB",
      "url": "http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MRX3-23H7-M29P

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-3880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-10T19:00:00Z",
    "severity": "MODERATE"
  },
  "details": "net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.",
  "id": "GHSA-mrx3-23h7-m29p",
  "modified": "2022-05-13T01:23:45Z",
  "published": "2022-05-13T01:23:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3880"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=651264"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22e76c849d505d87c5ecf3d3e6742a65f0ff4860"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2010/11/04/9"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2010/11/05/3"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42126"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42789"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42890"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/44665"
    },
    {
      "type": "WEB",
      "url": "http://www.spinics.net/lists/netdev/msg145899.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MWCW-C2X4-8C55

Vulnerability from github – Published: 2024-12-09 03:30 – Updated: 2025-11-04 16:54
VLAI
Summary
Predictable results in nanoid generation when given non-integer values
Details

When nanoid is called with a fractional value, there were a number of undesirable effects:

  1. in browser and non-secure, the code infinite loops on while (size--)
  2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
  3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error

Version 3.3.8 and 5.0.9 are fixed.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "nanoid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "nanoid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-55565"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-09T22:42:43Z",
    "nvd_published_at": "2024-12-09T02:15:19Z",
    "severity": "MODERATE"
  },
  "details": "When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n1. in browser and non-secure, the code infinite loops on while (size--)\n2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled\n3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nVersion 3.3.8 and 5.0.9 are fixed.",
  "id": "GHSA-mwcw-c2x4-8c55",
  "modified": "2025-11-04T16:54:54Z",
  "published": "2024-12-09T03:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ai/nanoid/pull/510"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ai/nanoid"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Predictable results in nanoid generation when given non-integer values"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.