Total
590 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19451 | 3 Fedoraproject, Gnome, Opensuse | 3 Fedora, Dia, Leap | 2023-11-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. | |||||
| CVE-2019-18836 | 2 Envoyproxy, Istio | 2 Envoy, Istio | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used." | |||||
| CVE-2019-18217 | 1 Proftpd | 1 Proftpd | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. | |||||
| CVE-2019-16413 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. | |||||
| CVE-2019-16319 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. | |||||
| CVE-2019-15143 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. | |||||
| CVE-2019-12402 | 3 Apache, Fedoraproject, Oracle | 19 Commons Compress, Fedora, Banking Payments and 16 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. | |||||
| CVE-2019-12068 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2023-11-07 | 2.1 LOW | 3.8 LOW |
| In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. | |||||
| CVE-2019-10900 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. | |||||
| CVE-2019-10898 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. | |||||
| CVE-2019-10897 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. | |||||
| CVE-2019-1010189 | 1 Mgetty Project | 1 Mgetty | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1. | |||||
| CVE-2019-1010142 | 2 Fedoraproject, Scapy | 2 Fedora, Scapy | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work. | |||||
| CVE-2019-1000020 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. | |||||
| CVE-2019-0205 | 3 Apache, Oracle, Redhat | 4 Thrift, Communications Cloud Native Core Network Slice Selection Function, Enterprise Linux Server and 1 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. | |||||
| CVE-2018-9257 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. | |||||
| CVE-2018-8036 | 1 Apache | 1 Pdfbox | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. | |||||
| CVE-2018-8017 | 1 Apache | 1 Tika | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. | |||||
| CVE-2018-7421 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. | |||||
| CVE-2018-7333 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. | |||||