Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36732

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Jun, 2024 | 18:51
Updated At-13 Feb, 2025 | 15:59
Rejected At-
Credits

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Jun, 2024 | 18:51
Updated At:13 Feb, 2025 | 15:59
Rejected At:
▼CVE Numbering Authority (CNA)

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfd
N/A
Hyperlink: https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfd
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
oneflow
Product
oneflow
CPEs
  • cpe:2.3:a:oneflow:oneflow:0.9.1:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 0.9.1
Problem Types
TypeCWE IDDescription
CWECWE-835CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Type: CWE
CWE ID: CWE-835
Description: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfd
x_transferred
Hyperlink: https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfd
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Jun, 2024 | 19:15
Updated At:02 May, 2025 | 12:50

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
oneflow
oneflow
>>oneflow>>0.9.1
cpe:2.3:a:oneflow:oneflow:0.9.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-835Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-835
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfdcve@mitre.org
Broken Link
https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfdaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfd
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfd
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

225Records found
CVE-2023-26151
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.88%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-20 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.

Action-Not Available
Vendor-freeopcuan/a
Product-opcua-asyncioasyncua
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-18217
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.64% / 85.15%
||
7 Day CHG~0.00%
Published-21 Oct, 2019 | 03:12
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.

Action-Not Available
Vendor-proftpdn/a
Product-proftpdn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-25653
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:15
Updated-10 Mar, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service (DoS) condition, due to a possible infinite loop in an internal calculation. For some ECC operations, this condition is triggered randomly; for others, it can be triggered by malicious input. The issue has been patched in version 2.2.0. Since this issue is only present in the "fallback" crypto implementation, it can be avoided by ensuring that either WebCrypto or the Node `crypto` module is available in the JS environment where `node-jose` is being run.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-node-josenode-jose
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-16319
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.52%
||
7 Day CHG~0.00%
Published-15 Sep, 2019 | 15:15
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-15702
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.63%
||
7 Day CHG~0.00%
Published-27 Aug, 2019 | 17:35
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.

Action-Not Available
Vendor-riot-osn/a
Product-riotn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2011-1142
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.10%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-33238
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.54%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwareqcn9072_firmwaremsm8996auwcn3615_firmwaresd730apq8009ipq6028qca6696qca6421qcn9070wcn7850qcn5122qsm8250_firmwareqca6564ausdx24wcn3660bsd720gipq8078asd460msm8996au_firmwaresdx24_firmwareqcn5124qca6430ipq9008_firmwareqcs6490_firmwaresd_8cx_gen3_firmwaresd_8cx_firmwaresdxr2_5g_firmwaresd_8cx_gen2_firmwaresd712qca8386qca6574asd865_5g_firmwareapq8017_firmwaresd835_firmwaresa8295p_firmwaresm7325pqcn5024mdm8215qcc5100qcs405qca6595qca6431_firmwaresd480_firmwareapq8064au_firmwaresm7315_firmwareqca9367qca6390_firmwaresc8180x\+sdx55qca6584_firmwareipq8070asd870_firmwareqcm6490_firmwareipq8078_firmwareipq4019qca6595ausd821_firmwareqcs4290_firmwarewcn3980qca2066sm4125_firmwaresm7315qcn9022sd765_firmwareipq8065_firmwareqca9888_firmwaresdx55mqam8295pwcn6850_firmwaresm6250pwcn3991_firmwaresa8150pwcn6740ipq8078qca6436apq8064auipq8069ipq8071aqca4024qca2062_firmwareqca2066_firmwaresw5100p_firmwareqcn9012wsa8835_firmwareapq8009_firmwareqca6391qcn9024qcn5052_firmwarecsra6620wcn3998_firmwaresd778g_firmwaresd675ipq8074aqcx315qcc5100_firmwareqca6554a_firmwareqca9886_firmwareqca7500_firmwareipq8071qcn6122sdx12sd660csrb31024_firmwaresa4150p_firmwaresdx20ipq8070qcs610qcn9012_firmwaresm7250psa8155p_firmwarecsra6620_firmwarewcn3610sdx20_firmwarewcn3910_firmwareqrb5165_firmwaresd750g_firmwareqca6696_firmwareqca2064sxr2150psd865_5gipq8071_firmwareqca9377qcn9003_firmwarewcn3990_firmwarewcn3950_firmwarewcn3988wcn3615qca8085sd750gsd768g_firmwareqcs605mdm9615_firmwaremdm9640_firmwareqca4020qca9367_firmwareipq8074a_firmwareqcn5021_firmwareqcn6102ipq4018wcd9340_firmwaresd850qca6175a_firmwaresd_675_firmwaresd855_firmwaresd662_firmwareqcn5054_firmwareqca9889sdx50mwcd9371qca1023mdm9628wcn3610_firmwaresa6155qcm4290_firmwarewcn3660b_firmwaresm4375sdx20m_firmwarewcd9360_firmwareqrb5165m_firmwareqsm8350_firmwaresd768gwcn6740_firmwarewcn6856sdx50m_firmwareqca6175asa6155pipq8074_firmwaresa8150p_firmwaresd480wcd9330wcn7851_firmwaremdm8215_firmwareqca4024_firmwaresa8145pwcn3950ipq6018_firmwareqcn5122_firmwareqcn7605ipq8078a_firmwarewcn3680b_firmwareipq6010qca6421_firmwareqca6438_firmwareqca6574au_firmwaresd662qrb5165n_firmwareqca2065_firmwareipq4029_firmwareqam8295p_firmwareqca6564_firmwareqcs610_firmwareqcn5054ar8031qca6438qcm4290qcn6102_firmwareqcn5052sd660_firmwaresd730_firmwareqca6174_firmwaresd888qcn5550qca0000wcn6856_firmwareqcn6132_firmwareaqt1000qcn5152_firmwareqcs603qca9985ar8035qca8072_firmwareqsm8250qca6420wcd9360qca4531qca9898_firmwareqcm2290mdm9250qcn9011sa515msd845_firmwareqca6428_firmwaresa515m_firmwareqcn5550_firmwareqca9994_firmwareqcn5064apq8076ipq6028_firmwareqcn6023mdm9645_firmwareqca8081_firmwareqca9984ipq8068qca9898qca8075_firmwareqcn5164qcs2290qrb5165mipq8068_firmwareqca1064_firmwaresd7csd678qca6574auwcd9385_firmwareipq9574_firmwareapq8096auqcs410_firmwareqcn9000_firmwareipq8173_firmwaresd680qcn9001_firmwareqca9379sm4375_firmwareipq6010_firmwaresd_8cxqca9987sa8195pqca6574a_firmwareqca9888sa8155_firmwarewsa8830_firmwareipq8174_firmwaresd_8_gen1_5g_firmwareqcn6100wcd9341sd680_firmwareqca9992_firmwareqca2065apq8096au_firmwareqcn9001qca6584sd780gqca6335_firmwaresdx55m_firmwareqcs6125_firmwareqcn9100ipq8072_firmwaresa8155ipq6000sd765qca6564wcd9330_firmwareqcn9022_firmwareqcs4290ipq5028sa4155pqca9369qcn7606sd845qcs410qca6428mdm9310qca6595au_firmwareqca1062qca6310qcn9000qcn7606_firmwareipq8074mdm9607qca6426_firmwareqca4531_firmwaresa6150psd710_firmwareqca9889_firmwarewsa8830ipq8072wsa8815qcn9003ipq9008wcn3680bsd855wcd9340qca0000_firmwaresdx55_firmwaresxr2150p_firmwareqca8386_firmwaresc8180x\+sdx55_firmwareqcn5022_firmwaresa4155p_firmwaremdm9650qca8072sd765g_firmwareqca8084_firmwareqcm6125_firmwarewcn6750ipq4019_firmwaresd695_firmwareqca9994qca6335sd_675qcn5024_firmwarecsra6640mdm9215_firmwareqca6430_firmwareqca8081sm7325p_firmwareqca6584ausd870ipq6018ipq5018_firmwareipq9574qcn9024_firmwareipq4028_firmwareqcn9011_firmwaresa6155_firmwarewcn6855qcx315_firmwareipq8072awcn3910ipq8070a_firmwareqca9880_firmwaresm6250qca6431wcd9370sd888_firmwareqcn5152qca9992sd720g_firmwaresd765gqca9985_firmwaresd670qcn9002_firmwareqcn9274wsa8810_firmwarewsa8815_firmwaresd850_firmwareipq8076aqcn7605_firmwaresa8155psdxr1wsa8810aqt1000_firmwareipq8076wcd9335_firmwaresm7250p_firmwareqcn5154_firmwarear9380_firmwaremdm9310_firmwarewcn6851wcd9370_firmwareqca6420_firmwareqcn6023_firmwareqca8082_firmwareipq4028qcm6125ipq8174ipq8064_firmwareqca4020_firmwareqca6391_firmwarewcd9326_firmwaresa6145papq8017qca8085_firmwarewcd9375msm8976_firmwareipq8076_firmwaremdm9215qca2062qca9980_firmwaresm6250p_firmwaresd778gwcd9371_firmwareipq8071a_firmwaremsm8976qca9980sd712_firmwarewcn7851qcn9002qca6310_firmwaresd710qca6436_firmwaresa8195p_firmwareqcn5064_firmwarewcd9341_firmwareqca9886sd821ipq6000_firmwareqca8082qca6174a_firmwareqca6564a_firmwareqcn5021mdm9650_firmwareqcs405_firmwareqcn6024_firmwareqcs6490ipq5018sdx55sd460_firmwareqca9990qca1064sd820sd665_firmwareqca7500sa6145p_firmwareipq5028_firmwaresm4125qca6390ipq5010_firmwaresa8145p_firmwaresw5100wcn6850csr8811sa415mqcs603_firmwareqca6584au_firmwareqca6320_firmwareqcn9100_firmwareqcm6490qcn6024qca6174awcd9335wcn3999sd7c_firmwaresd670_firmwaresd835qca6595_firmwareqrb5165nqrb5165mdm9250_firmwaresa8295pqcn9074qca6174qcm2290_firmwareqcn9274_firmwarewcd9380mdm9628_firmwareqca2064_firmwaresd695ipq8064qca9369_firmwaresd_8cx_gen3ipq8069_firmwarewcd9375_firmwaresa6150p_firmwarear8035_firmwareipq8070_firmwareqca9880qcn6100_firmwaresdx12_firmwareqcn6112wcn6855_firmwaresd780g_firmwareqca1023_firmwaresdx65_firmwareqcn5124_firmwaremdm9206sdxr1_firmwareqcn5164_firmwaremdm9607_firmwarewcn3990apq8076_firmwaresd690_5gqca1062_firmwarewsa8835wcn3998ar8031_firmwarecsr8811_firmwareqca8337_firmwaremdm9206_firmwareqcn6122_firmwaresd820_firmwareqca9990_firmwareipq8072a_firmwarewcd9385wcn7850_firmwareqcn6112_firmwaresdx65ipq4029mdm9640wcn6750_firmwareipq8065sd888_5gqcn9070_firmwarepmp8074qca8075pmp8074_firmwaresd678_firmwarewcn3999_firmwareqcs6125qca9984_firmwareqca6574qsm8350wcn3991csra6640_firmwareqca6574_firmwaresa415m_firmwareipq8076a_firmwarear9380qca6564asdx20msd675_firmwaresd665qca9987_firmwaresd888_5g_firmwareqca6320qca8337sm6250_firmwaresdxr2_5gqcn6132wcn3980_firmwareqcs2290_firmwarewcn6851_firmwareipq4018_firmwarewcd9326qca8084qca9379_firmwaresa6155p_firmwareqcn9074_firmwaresa4150pqcn5154qca9377_firmwaremdm9645sw5100_firmwareipq8173qcn9072qca6564au_firmwarecsrb31024qca6426sd690_5g_firmwareqcn5022sm8475qcs605_firmwareipq5010wcn3988_firmwareqca6554asw5100pmdm9615sd_8cx_gen2Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-10485
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.70%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareqcm2150_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresnapdragon_high_med_2016_firmwaresm6150msm8909w_firmwaremsm8976_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615mdm9205mdm9206_firmwaremsm8939qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresdm660sc8180x_firmwaresdm710qm215mdm9607apq8017_firmwaremdm9625_firmwaresdm710_firmwaremsm8939_firmwaremdm9150msm8937msm8905snapdragon_high_med_2016sm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625qm215_firmwaremsm8976sdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850mdm9615_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-0205
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.03%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 22:32
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software FoundationOracle Corporation
Product-thriftjboss_enterprise_application_platformcommunications_cloud_native_core_network_slice_selection_functionenterprise_linux_serverApache Thrift
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-20216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.78% / 85.51%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 21:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.
Product-ubuntu_linuxqemun/a
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-45395
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.1||LOW
EPSS-0.21% / 43.69%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 20:15
Updated-24 Sep, 2024 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unbounded loop over untrusted input can lead to endless data attack

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these data structures is computationally expensive. This can be used to consume excessive CPU resources, leading to a denial of service attack. TUF's security model labels this type of vulnerability an "Endless data attack," and can lead to verification failing to complete and disrupting services that rely on sigstore-go for verification. This vulnerability is addressed with sigstore-go 0.6.1, which adds hard limits to the number of verifiable data structures that can be processed in a bundle. Verification will fail if a bundle has data that exceeds these limits. The limits are 32 signed transparency log entries, 32 RFC 3161 timestamps, 1024 attestation subjects, and 32 digests per attestation subject. These limits are intended to be high enough to accommodate the vast majority of use cases, while preventing the verification of maliciously crafted bundles that contain large amounts of verifiable data. Users who are vulnerable but unable to quickly upgrade may consider adding manual bundle validation to enforce limits similar to those in the referenced patch prior to calling sigstore-go's verification functions.

Action-Not Available
Vendor-sigstoresigstore
Product-sigstore-gosigstore-go
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-45692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.88%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 00:00
Updated-05 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.

Action-Not Available
Vendor-virtualminn/avirtualminWebmin
Product-webminvirtualminn/awebminvirtualmin
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-8741
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.51% / 80.49%
||
7 Day CHG~0.00%
Published-28 Feb, 2020 | 13:01
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved input validation.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvosmac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-40675
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.91%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 19:13
Updated-22 Apr, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-34487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.43%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 00:00
Updated-15 Apr, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via inst.length=0.

Action-Not Available
Vendor-facuetn/afaucet-sdn
Product-ryun/aryu
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-34488
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.43%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 00:00
Updated-15 Apr, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0.

Action-Not Available
Vendor-facuetn/afacuet
Product-ryun/aryu
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-33623
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-3.7||LOW
EPSS-0.47% / 63.82%
||
7 Day CHG+0.14%
Published-30 Oct, 2024 | 13:35
Updated-13 Nov, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOne
Product-wbr-6012_firmwarewbr-6012WBR-6012
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-3252
Matching Score-4
Assigner-Swift Project
ShareView Details
Matching Score-4
Assigner-Swift Project
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.75%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 18:45
Updated-03 Aug, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service. This issue can be triggered by any attacker capable of sending a compressed HTTP message. Most commonly this is HTTP servers, as compressed HTTP messages cannot be negotiated for HTTP requests, but it is possible that users have configured decompression for HTTP requests as well. The attack is low effort, and likely to be reached without requiring any privilege or system access. The impact on availability is high: the process immediately becomes unavailable but does not immediately crash, meaning that it is possible for the process to remain in this state until an administrator intervenes or an automated circuit breaker fires. If left unchecked this issue will very slowly exhaust memory resources due to repeated buffer allocation, but the buffers are not written to and so it is possible that the processes will not terminate for quite some time. This risk can be mitigated by removing transparent HTTP message decompression. The issue is fixed by correctly detecting the termination of the compressed body as reported by zlib and refusing to decompress further data. The issue was found by Vojtech Rylko (https://github.com/vojtarylko) and reported publicly on GitHub.

Action-Not Available
Vendor-Swift ProjectApple Inc.
Product-swift-nio-extrasSwiftNIO Extras
CWE ID-CWE-606
Unchecked Input for Loop Condition
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-50321
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.5||HIGH
EPSS-1.94% / 82.69%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 15:33
Updated-18 Nov, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-50319
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.5||HIGH
EPSS-1.94% / 82.69%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 15:32
Updated-18 Nov, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalanche
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-2909
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.93%
||
7 Day CHG~0.00%
Published-07 Nov, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.

Action-Not Available
Vendor-cesantaCesanta
Product-mongooseMongoose
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-20041
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.57%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 09:55
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_410_firmwaresma_210sma_410sma_400_firmwaresma_210_firmwaresma_500v_firmwaresma_500vsma_200_firmwaresma_200sma_400SonicWall SMA100
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-1252
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.53%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:25
Updated-08 Nov, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Excel XLM Parser Denial of Service Vulnerability

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-35139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.45%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-09 Oct, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

Action-Not Available
Vendor-facuetn/a
Product-ryun/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-2833
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.46%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 19:24
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Endless Infinite loop in Blender-thumnailing due to logical bugs.

Action-Not Available
Vendor-n/aBlender Foundation
Product-blenderBlender
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found