Total
579 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46770 | 1 Linuxfoundation | 1 Mirage Firewall | 2023-08-08 | N/A | 7.5 HIGH |
| qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255). | |||||
| CVE-2023-37748 | 1 Miniupnp Project | 1 Ngiflib | 2023-07-28 | N/A | 5.5 MEDIUM |
| ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. | |||||
| CVE-2021-33294 | 1 Elfutils Project | 1 Elfutils | 2023-07-27 | N/A | 5.5 MEDIUM |
| In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file. | |||||
| CVE-2023-36807 | 1 Pypdf Project | 1 Pypdf | 2023-07-10 | N/A | 6.5 MEDIUM |
| pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an an error throwing case. See GHSA-hm9v-vj3r-r55m for details. | |||||
| CVE-2023-35933 | 1 Openfga | 1 Openfga | 2023-07-06 | N/A | 7.5 HIGH |
| OPenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this vulnerability if they are using OpenFGA v1.1.0 or earlier, and if you are executing `Check` or `ListObjects` calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users that do not have circular relationships in their models are not affected. | |||||
| CVE-2023-36464 | 2 Pypdf2 Project, Pypdf Project | 2 Pypdf2, Pypdf | 2023-07-06 | N/A | 5.5 MEDIUM |
| pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`. | |||||
| CVE-2021-3468 | 2 Avahi, Debian | 2 Avahi, Debian Linux | 2023-06-22 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. | |||||
| CVE-2022-24859 | 2 Debian, Pypdf2 Project | 2 Debian Linux, Pypdf2 | 2023-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream. | |||||
| CVE-2022-1222 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. | |||||
| CVE-2021-45297 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size. | |||||
| CVE-2021-40592 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file. | |||||
| CVE-2021-22161 | 1 Openwrt | 1 Openwrt | 2023-05-24 | 3.3 LOW | 6.5 MEDIUM |
| In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages. | |||||
| CVE-2022-33238 | 1 Qualcomm | 568 Apq8009, Apq8009 Firmware, Apq8017 and 565 more | 2023-04-19 | N/A | 7.5 HIGH |
| Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-33239 | 1 Qualcomm | 468 Apq8009, Apq8009 Firmware, Apq8017 and 465 more | 2023-04-19 | N/A | 7.5 HIGH |
| Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-37013 | 1 Unified-automation | 1 Opc Ua C\+\+ Demo Server | 2023-04-06 | N/A | 7.5 HIGH |
| This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203. | |||||
| CVE-2023-20999 | 1 Google | 1 Android | 2023-03-29 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246750467 | |||||
| CVE-2023-20997 | 1 Google | 1 Android | 2023-03-29 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749702 | |||||
| CVE-2023-20998 | 1 Google | 1 Android | 2023-03-29 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936 | |||||
| CVE-2023-20996 | 1 Google | 1 Android | 2023-03-29 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749764 | |||||
| CVE-2023-27560 | 1 Phpseclib | 1 Phpseclib | 2023-03-10 | N/A | 7.5 HIGH |
| Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. | |||||