Total
491 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14394 | 3 Fedoraproject, Qemu, Redhat | 5 Extra Packages For Enterprise Linux, Fedora, Qemu and 2 more | 2023-03-14 | N/A | 3.2 LOW |
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. | |||||
CVE-2023-27560 | 1 Phpseclib | 1 Phpseclib | 2023-03-10 | N/A | 7.5 HIGH |
Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. | |||||
CVE-2023-25824 | 1 Mod Gnutls Project | 1 Mod Gnutls | 2023-03-06 | N/A | 7.5 HIGH |
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory. | |||||
CVE-2019-14372 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-03-06 | 4.3 MEDIUM | 6.5 MEDIUM |
In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. | |||||
CVE-2022-44617 | 1 Libxpm Project | 1 Libxpm | 2023-03-03 | N/A | 7.5 HIGH |
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. | |||||
CVE-2019-14442 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-03-02 | 7.1 HIGH | 6.5 MEDIUM |
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | |||||
CVE-2019-1010142 | 2 Fedoraproject, Scapy | 2 Fedora, Scapy | 2023-03-01 | 5.0 MEDIUM | 7.5 HIGH |
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work. | |||||
CVE-2021-34334 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2023-03-01 | 4.3 MEDIUM | 5.5 MEDIUM |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. | |||||
CVE-2022-30634 | 3 Golang, Microsoft, Netapp | 3 Go, Windows, Cloud Insights Telegraf Agent | 2023-02-28 | N/A | 7.5 HIGH |
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | |||||
CVE-2022-3190 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2023-02-28 | N/A | 5.5 MEDIUM |
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file | |||||
CVE-2021-35515 | 3 Apache, Netapp, Oracle | 26 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 23 more | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | |||||
CVE-2023-25653 | 1 Cisco | 1 Node-jose | 2023-02-24 | N/A | 7.5 HIGH |
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service (DoS) condition, due to a possible infinite loop in an internal calculation. For some ECC operations, this condition is triggered randomly; for others, it can be triggered by malicious input. The issue has been patched in version 2.2.0. Since this issue is only present in the "fallback" crypto implementation, it can be avoided by ensuring that either WebCrypto or the Node `crypto` module is available in the JS environment where `node-jose` is being run. | |||||
CVE-2021-42715 | 3 Debian, Fedoraproject, Nothings | 3 Debian Linux, Fedora, Stb Image.h | 2023-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. | |||||
CVE-2022-25734 | 1 Qualcomm | 70 Ar8031, Ar8031 Firmware, Csra6620 and 67 more | 2023-02-21 | N/A | 7.5 HIGH |
Denial of service in modem due to missing null check while processing IP packets with padding | |||||
CVE-2023-24808 | 1 Pdfio Project | 1 Pdfio | 2023-02-14 | N/A | 6.5 MEDIUM |
PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28kb in size and was discovered via fuzzing. Anyone who uses this library either as a standalone binary or as a library can be DOSed when attempting to parse this type of file. Web servers or other automated processes which rely on this code to turn pdf submissions into plaintext can be DOSed when an attacker uploads the pdf. Please see the linked GHSA for an example pdf. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2017-7618 | 1 Linux | 1 Linux Kernel | 2023-02-14 | 7.8 HIGH | 7.5 HIGH |
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. | |||||
CVE-2012-1186 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2023-02-12 | 4.3 MEDIUM | 5.5 MEDIUM |
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. | |||||
CVE-2010-3880 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-12 | 4.9 MEDIUM | N/A |
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. | |||||
CVE-2011-4621 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. | |||||
CVE-2009-2906 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2023-02-12 | 4.0 MEDIUM | N/A |
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. |