CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-QG28-39X2-3CGW
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.
{
"affected": [],
"aliases": [
"CVE-2018-7331"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T22:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.",
"id": "GHSA-qg28-39x2-3cgw",
"modified": "2022-05-13T01:53:20Z",
"published": "2022-05-13T01:53:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7331"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=157712b2f5f89b19ef2497ea89c5938eb29529da"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QG2G-RFCV-QFFX
Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-05-13 01:09In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
{
"affected": [],
"aliases": [
"CVE-2018-20784"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-22T15:29:00Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq\u0027s, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.",
"id": "GHSA-qg2g-rfcv-qffx",
"modified": "2022-05-13T01:09:56Z",
"published": "2022-05-13T01:09:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20784"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/c40f7d74c741a907cfaeb73a7697081881c497d0"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1959"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1971"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4115-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4118-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4211-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4211-2"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c40f7d74c741a907cfaeb73a7697081881c497d0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QG86-F892-M4HJ
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 16:37In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinite loop, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "fschat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.36"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-10907"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T16:37:30Z",
"nvd_published_at": "2025-03-20T10:15:21Z",
"severity": "HIGH"
},
"details": "In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinite loop, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.",
"id": "GHSA-qg86-f892-m4hj",
"modified": "2025-03-21T16:37:30Z",
"published": "2025-03-20T12:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10907"
},
{
"type": "PACKAGE",
"url": "https://github.com/lm-sys/FastChat"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/bf3ca81d-3508-4455-95d9-0b653e46d6e4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "FastChat Uncontrolled Resource Consumption vulnerability"
}
GHSA-QH22-5Q6M-7H2P
Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-09-22 21:30In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix possible stall on recvmsg()
recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the peer.
When the above happens, mptcp_wait_data() will always return with no wait, as the MPTCP_DATA_READY flag checked by such function is set and never cleared in such code path.
Leveraging the above syzbot was able to trigger an RCU stall:
rcu: INFO: rcu_preempt self-detected stall on CPU rcu: 0-...!: (10499 ticks this GP) idle=0af/1/0x4000000000000000 softirq=10678/10678 fqs=1 (t=10500 jiffies g=13089 q=109) rcu: rcu_preempt kthread starved for 10497 jiffies! g13089 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:R running task stack:28696 pid: 14 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:4955 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6236 schedule+0xd3/0x270 kernel/sched/core.c:6315 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1881 rcu_gp_fqs_loop+0x186/0x810 kernel/rcu/tree.c:1955 rcu_gp_kthread+0x1de/0x320 kernel/rcu/tree.c:2128 kthread+0x405/0x4f0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 rcu: Stack dump where RCU GP kthread last ran: Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 8510 Comm: syz-executor827 Not tainted 5.15.0-rc2-next-20210920-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:84 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0xc8/0x180 mm/kasan/generic.c:189 Code: 38 00 74 ed 48 8d 50 08 eb 09 48 83 c0 01 48 39 d0 74 7a 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 <48> 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 80 38 00 RSP: 0018:ffffc9000cd676c8 EFLAGS: 00000283 RAX: ffffed100e9a110e RBX: ffffed100e9a110f RCX: ffffffff88ea062a RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888074d08870 RBP: ffffed100e9a110e R08: 0000000000000001 R09: ffff888074d08877 R10: ffffed100e9a110e R11: 0000000000000000 R12: ffff888074d08000 R13: ffff888074d08000 R14: ffff888074d08088 R15: ffff888074d08000 FS: 0000555556d8e300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 S: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000180 CR3: 0000000068909000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: instrument_atomic_read_write include/linux/instrumented.h:101 [inline] test_and_clear_bit include/asm-generic/bitops/instrumented-atomic.h:83 [inline] mptcp_release_cb+0x14a/0x210 net/mptcp/protocol.c:3016 release_sock+0xb4/0x1b0 net/core/sock.c:3204 mptcp_wait_data net/mptcp/protocol.c:1770 [inline] mptcp_recvmsg+0xfd1/0x27b0 net/mptcp/protocol.c:2080 inet6_recvmsg+0x11b/0x5e0 net/ipv6/af_inet6.c:659 sock_recvmsg_nosec net/socket.c:944 [inline] _sysrecvmsg+0x527/0x600 net/socket.c:2626 _sys_recvmsg+0x127/0x200 net/socket.c:2670 do_recvmmsg+0x24d/0x6d0 net/socket.c:2764 __sys_recvmmsg net/socket.c:2843 [inline] __do_sys_recvmmsg net/socket.c:2866 [inline] __se_sys_recvmmsg net/socket.c:2859 [inline] __x64_sys_recvmmsg+0x20b/0x260 net/socket.c:2859 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fc200d2 ---truncated---
{
"affected": [],
"aliases": [
"CVE-2021-47448"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T07:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix possible stall on recvmsg()\n\nrecvmsg() can enter an infinite loop if the caller provides the\nMSG_WAITALL, the data present in the receive queue is not sufficient to\nfulfill the request, and no more data is received by the peer.\n\nWhen the above happens, mptcp_wait_data() will always return with\nno wait, as the MPTCP_DATA_READY flag checked by such function is\nset and never cleared in such code path.\n\nLeveraging the above syzbot was able to trigger an RCU stall:\n\nrcu: INFO: rcu_preempt self-detected stall on CPU\nrcu: 0-...!: (10499 ticks this GP) idle=0af/1/0x4000000000000000 softirq=10678/10678 fqs=1\n (t=10500 jiffies g=13089 q=109)\nrcu: rcu_preempt kthread starved for 10497 jiffies! g13089 f0x0 RCU_GP_WAIT_FQS(5) -\u003estate=0x0 -\u003ecpu=1\nrcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.\nrcu: RCU grace-period kthread stack dump:\ntask:rcu_preempt state:R running task stack:28696 pid: 14 ppid: 2 flags:0x00004000\nCall Trace:\n context_switch kernel/sched/core.c:4955 [inline]\n __schedule+0x940/0x26f0 kernel/sched/core.c:6236\n schedule+0xd3/0x270 kernel/sched/core.c:6315\n schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1881\n rcu_gp_fqs_loop+0x186/0x810 kernel/rcu/tree.c:1955\n rcu_gp_kthread+0x1de/0x320 kernel/rcu/tree.c:2128\n kthread+0x405/0x4f0 kernel/kthread.c:327\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\nrcu: Stack dump where RCU GP kthread last ran:\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 8510 Comm: syz-executor827 Not tainted 5.15.0-rc2-next-20210920-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:bytes_is_nonzero mm/kasan/generic.c:84 [inline]\nRIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline]\nRIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]\nRIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]\nRIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]\nRIP: 0010:kasan_check_range+0xc8/0x180 mm/kasan/generic.c:189\nCode: 38 00 74 ed 48 8d 50 08 eb 09 48 83 c0 01 48 39 d0 74 7a 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 \u003c48\u003e 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 80 38 00\nRSP: 0018:ffffc9000cd676c8 EFLAGS: 00000283\nRAX: ffffed100e9a110e RBX: ffffed100e9a110f RCX: ffffffff88ea062a\nRDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888074d08870\nRBP: ffffed100e9a110e R08: 0000000000000001 R09: ffff888074d08877\nR10: ffffed100e9a110e R11: 0000000000000000 R12: ffff888074d08000\nR13: ffff888074d08000 R14: ffff888074d08088 R15: ffff888074d08000\nFS: 0000555556d8e300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000180 CR3: 0000000068909000 CR4: 00000000001506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n instrument_atomic_read_write include/linux/instrumented.h:101 [inline]\n test_and_clear_bit include/asm-generic/bitops/instrumented-atomic.h:83 [inline]\n mptcp_release_cb+0x14a/0x210 net/mptcp/protocol.c:3016\n release_sock+0xb4/0x1b0 net/core/sock.c:3204\n mptcp_wait_data net/mptcp/protocol.c:1770 [inline]\n mptcp_recvmsg+0xfd1/0x27b0 net/mptcp/protocol.c:2080\n inet6_recvmsg+0x11b/0x5e0 net/ipv6/af_inet6.c:659\n sock_recvmsg_nosec net/socket.c:944 [inline]\n ____sys_recvmsg+0x527/0x600 net/socket.c:2626\n ___sys_recvmsg+0x127/0x200 net/socket.c:2670\n do_recvmmsg+0x24d/0x6d0 net/socket.c:2764\n __sys_recvmmsg net/socket.c:2843 [inline]\n __do_sys_recvmmsg net/socket.c:2866 [inline]\n __se_sys_recvmmsg net/socket.c:2859 [inline]\n __x64_sys_recvmmsg+0x20b/0x260 net/socket.c:2859\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fc200d2\n---truncated---",
"id": "GHSA-qh22-5q6m-7h2p",
"modified": "2025-09-22T21:30:14Z",
"published": "2024-05-22T09:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47448"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1a4554e94f0deff9fc1dc5addf93fa579cc29711"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/612f71d7328c14369924384ad2170aae2a6abd92"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QHJ8-V3HG-PR39
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821.
{
"affected": [],
"aliases": [
"CVE-2017-13195"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-12T23:29:00Z",
"severity": "HIGH"
},
"details": "In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821.",
"id": "GHSA-qhj8-v3hg-pr39",
"modified": "2022-05-13T01:43:06Z",
"published": "2022-05-13T01:43:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13195"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102414"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040106"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QHP6-XJ37-53M2
Vulnerability from github – Published: 2021-12-09 00:01 – Updated: 2021-12-11 00:01An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
{
"affected": [],
"aliases": [
"CVE-2021-20041"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-08T10:15:00Z",
"severity": "HIGH"
},
"details": "An unauthenticated and remote adversary can consume all of the device\u0027s CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.",
"id": "GHSA-qhp6-xj37-53m2",
"modified": "2021-12-11T00:01:17Z",
"published": "2021-12-09T00:01:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20041"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QJ43-C67C-C7C5
Vulnerability from github – Published: 2022-08-24 00:00 – Updated: 2022-08-26 00:03A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
{
"affected": [],
"aliases": [
"CVE-2022-28882"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-23T16:15:00Z",
"severity": "HIGH"
},
"details": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.",
"id": "GHSA-qj43-c67c-c7c5",
"modified": "2022-08-26T00:03:34Z",
"published": "2022-08-24T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28882"
},
{
"type": "WEB",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QMQ8-HPR3-M3X3
Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-18 06:30Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
{
"affected": [],
"aliases": [
"CVE-2022-25742"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-15T10:15:00Z",
"severity": "HIGH"
},
"details": "Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music",
"id": "GHSA-qmq8-hpr3-m3x3",
"modified": "2022-11-18T06:30:31Z",
"published": "2022-11-15T12:00:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25742"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QPH5-M27V-3FJM
Vulnerability from github – Published: 2025-01-31 12:33 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
pmdomain: imx8mp-blk-ctrl: add missing loop break condition
Currently imx8mp_blk_ctrl_remove() will continue the for loop until an out-of-bounds exception occurs.
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : dev_pm_domain_detach+0x8/0x48 lr : imx8mp_blk_ctrl_shutdown+0x58/0x90 sp : ffffffc084f8bbf0 x29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000 x26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028 x23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0 x20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff x17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72 x14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000 x11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8 x8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000 x5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077 x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000 Call trace: dev_pm_domain_detach+0x8/0x48 platform_shutdown+0x2c/0x48 device_shutdown+0x158/0x268 kernel_restart_prepare+0x40/0x58 kernel_kexec+0x58/0xe8 __do_sys_reboot+0x198/0x258 __arm64_sys_reboot+0x2c/0x40 invoke_syscall+0x5c/0x138 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x38/0xc8 el0t_64_sync_handler+0x120/0x130 el0t_64_sync+0x190/0x198 Code: 8128c2d0 ffffffc0 aa1e03e9 d503201f
{
"affected": [],
"aliases": [
"CVE-2025-21668"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-31T12:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"id": "GHSA-qph5-m27v-3fjm",
"modified": "2025-11-03T21:32:30Z",
"published": "2025-01-31T12:33:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21668"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/488a68c948bc52dc2a4554a56fdd99aa67c49b06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/699cc10cc3068f9097a506eae7fe178c860dca4e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/726efa92e02b460811e8bc6990dd742f03b645ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/926ad31b76b8e229b412536e77cdf828a5cae9c6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QPHF-W3CQ-JPMX
Vulnerability from github – Published: 2023-12-29 15:30 – Updated: 2024-01-12 17:47An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.github.seancfoley:ipaddress"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-50570"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-03T21:27:43Z",
"nvd_published_at": "2023-12-29T15:15:09Z",
"severity": "MODERATE"
},
"details": "An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop.",
"id": "GHSA-qphf-w3cq-jpmx",
"modified": "2024-01-12T17:47:09Z",
"published": "2023-12-29T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50570"
},
{
"type": "WEB",
"url": "https://github.com/seancfoley/IPAddress/issues/118"
},
{
"type": "WEB",
"url": "https://github.com/seancfoley/IPAddress/issues/118#issuecomment-1876043773"
},
{
"type": "WEB",
"url": "https://github.com/github/advisory-database/pull/3279"
},
{
"type": "PACKAGE",
"url": "https://github.com/seancfoley/IPAddress"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "IPAddress Infinite Loop vulnerability (Disputed)",
"withdrawn": "2024-01-12T17:47:08Z"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.