Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-835
Total 491 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24944 1 Privateoctopus 1 Picoquic 2021-02-10 5.0 MEDIUM 7.5 HIGH
picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3.
CVE-2020-15466 3 Debian, Opensuse, Wireshark 3 Debian Linux, Leap, Wireshark 2021-02-10 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
CVE-2021-0221 1 Juniper 1 Junos 2021-02-05 2.9 LOW 6.5 MEDIUM
In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be used to monitor the interface traffic: user@junos> monitor interface traffic Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 6492089274364 (70994959) 6492089235319 (70994956) et-0/0/25 Up 343458103 (1) 156844 (0) ae0 Up 9132519197257 (70994959) 9132519139454 (70994956) This issue affects Juniper Networks Junos OS on QFX Series: all versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.
CVE-2018-19840 4 Canonical, Fedoraproject, Opensuse and 1 more 4 Ubuntu Linux, Fedora, Leap and 1 more 2021-01-15 4.3 MEDIUM 5.5 MEDIUM
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
CVE-2020-28095 1 Tenda 2 Ac1200, Ac1200 Firmware 2021-01-05 7.8 HIGH 7.5 HIGH
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.
CVE-2017-14058 1 Ffmpeg 1 Ffmpeg 2020-12-29 4.3 MEDIUM 6.5 MEDIUM
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).
CVE-2020-13986 1 Contiki-os 1 Contiki 2020-12-16 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.
CVE-2020-24337 1 Altran 2 Picotcp, Picotcp-ng 2020-12-14 5.0 MEDIUM 7.5 HIGH
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c.
CVE-2020-13984 1 Contiki-os 1 Contiki 2020-12-14 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.
CVE-2018-20803 1 Mongodb 1 Mongodb 2020-12-02 4.0 MEDIUM 6.5 MEDIUM
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10; v3.4 versions prior to 3.4.19.
CVE-2020-16127 1 Freedesktop 1 Accountsservice 2020-11-24 2.1 LOW 5.5 MEDIUM
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
CVE-2020-14040 2 Fedoraproject, Golang 2 Fedora, Text 2020-11-18 5.0 MEDIUM 7.5 HIGH
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
CVE-2020-27152 1 Linux 1 Linux Kernel 2020-11-16 2.1 LOW 5.5 MEDIUM
An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9.
CVE-2018-5813 2 Canonical, Libraw 2 Ubuntu Linux, Libraw 2020-11-10 7.1 HIGH 6.5 MEDIUM
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
CVE-2017-9310 2 Debian, Qemu 2 Debian Linux, Qemu 2020-11-10 1.9 LOW 5.6 MEDIUM
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
CVE-2016-7909 2 Debian, Qemu 2 Debian Linux, Qemu 2020-11-10 4.9 MEDIUM 4.4 MEDIUM
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
CVE-2016-9776 2 Debian, Qemu 2 Debian Linux, Qemu 2020-11-10 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.
CVE-2017-6505 1 Qemu 1 Qemu 2020-11-10 2.1 LOW 6.5 MEDIUM
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.
CVE-2017-9330 2 Debian, Qemu 2 Debian Linux, Qemu 2020-11-10 1.9 LOW 5.6 MEDIUM
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
CVE-2017-5987 2 Debian, Qemu 2 Debian Linux, Qemu 2020-11-10 2.1 LOW 5.5 MEDIUM
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.