CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1062 vulnerabilities reference this CWE, most recent first.
GHSA-6XGJ-C5FX-5V57
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 16:17A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "dbgpt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-10829"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T16:17:52Z",
"nvd_published_at": "2025-03-20T10:15:20Z",
"severity": "HIGH"
},
"details": "A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests.",
"id": "GHSA-6xgj-c5fx-5v57",
"modified": "2025-03-21T16:17:52Z",
"published": "2025-03-20T12:32:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10829"
},
{
"type": "PACKAGE",
"url": "https://github.com/eosphoros-ai/DB-GPT"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/e3a4a0ad-a2e0-497f-a2e0-e3c0ec7c4de4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "DB-GPT Uncontrolled Resource Consumption vulnerability"
}
GHSA-6XVV-489Q-R47W
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.
{
"affected": [],
"aliases": [
"CVE-2018-7330"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T22:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.",
"id": "GHSA-6xvv-489q-r47w",
"modified": "2022-05-13T01:53:21Z",
"published": "2022-05-13T01:53:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7330"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-72GC-HGRP-5GWH
Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.
{
"affected": [],
"aliases": [
"CVE-2017-0685"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-06T20:29:00Z",
"severity": "MODERATE"
},
"details": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.",
"id": "GHSA-72gc-hgrp-5gwh",
"modified": "2022-05-13T01:40:28Z",
"published": "2022-05-13T01:40:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0685"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99478"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-72H3-JFRP-4P28
Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.
{
"affected": [],
"aliases": [
"CVE-2018-6687"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-21T14:29:00Z",
"severity": "MODERATE"
},
"details": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.",
"id": "GHSA-72h3-jfrp-4p28",
"modified": "2022-05-13T01:20:30Z",
"published": "2022-05-13T01:20:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6687"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10270"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107126"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-72V4-8C49-WHVJ
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-11338"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-17T13:18:00Z",
"severity": "MODERATE"
},
"details": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.",
"id": "GHSA-72v4-8c49-whvj",
"modified": "2022-05-13T01:42:16Z",
"published": "2022-05-13T01:42:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11338"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470913"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-73PF-VF3Q-789Q
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.
{
"affected": [],
"aliases": [
"CVE-2018-7328"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T22:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.",
"id": "GHSA-73pf-vf3q-789q",
"modified": "2022-05-13T01:53:20Z",
"published": "2022-05-13T01:53:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7328"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7423-57PF-4W2Q
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2024-04-04 02:46The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
{
"affected": [],
"aliases": [
"CVE-2015-5278"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-23T20:15:00Z",
"severity": "MODERATE"
},
"details": "The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.",
"id": "GHSA-7423-57pf-4w2q",
"modified": "2024-04-04T02:46:46Z",
"published": "2022-05-24T17:07:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5278"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2745-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7425-C3X3-HHJQ
Vulnerability from github – Published: 2022-07-14 00:00 – Updated: 2022-07-28 00:00A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)
{
"affected": [],
"aliases": [
"CVE-2022-34760"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-13T21:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)",
"id": "GHSA-7425-c3x3-hhjq",
"modified": "2022-07-28T00:00:38Z",
"published": "2022-07-14T00:00:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34760"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-74CG-CW39-RJ4G
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
page_pool: avoid infinite loop to schedule delayed worker
We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1].
Since the inflight value goes negative, it means we should not expect the whole page_pool to get back to work normally.
This patch mitigates the adverse effect by not rescheduling the kworker when detecting the inflight negative in page_pool_release_retry().
[1] [Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------ [Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages ... [Mon Feb 10 20:36:11 2025] Call Trace: [Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70 [Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370 [Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0 [Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140 [Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370 [Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40 [Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40 [Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]--- Note: before this patch, the above calltrace would flood the dmesg due to repeated reschedule of release_dw kworker.
{
"affected": [],
"aliases": [
"CVE-2025-37859"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: avoid infinite loop to schedule delayed worker\n\nWe noticed the kworker in page_pool_release_retry() was waken\nup repeatedly and infinitely in production because of the\nbuggy driver causing the inflight less than 0 and warning\nus in page_pool_inflight()[1].\n\nSince the inflight value goes negative, it means we should\nnot expect the whole page_pool to get back to work normally.\n\nThis patch mitigates the adverse effect by not rescheduling\nthe kworker when detecting the inflight negative in\npage_pool_release_retry().\n\n[1]\n[Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------\n[Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages\n...\n[Mon Feb 10 20:36:11 2025] Call Trace:\n[Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70\n[Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370\n[Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0\n[Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140\n[Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370\n[Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40\n[Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40\n[Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]---\nNote: before this patch, the above calltrace would flood the\ndmesg due to repeated reschedule of release_dw kworker.",
"id": "GHSA-74cg-cw39-rj4g",
"modified": "2025-11-12T21:31:02Z",
"published": "2025-05-09T09:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37859"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43130d02baa137033c25297aaae95fd0edc41654"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7204335d1991c23fc615ab76f31f175748a578e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/738d1812ec2e395e953258aea912ddd867d11a13"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90e089a64504982f8d62f223027cb9f903781f78"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91522aba56e9fcdf64da25ffef9b27f8fad48e0f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95f17738b86fd198924d874a5639bcdc49c7e5b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f71db4fb82deb889e0bac4a51b34daea7d506a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e74e5aa33228c5e2cb4fc80ad103541a7b7805ec"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-74PV-V9GH-H25P
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2023-03-10 00:43RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rubygems-update"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jruby:jruby-stdlib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.1.16.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1000075"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-10T00:43:45Z",
"nvd_published_at": "2018-03-13T15:29:00Z",
"severity": "HIGH"
},
"details": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.",
"id": "GHSA-74pv-v9gh-h25p",
"modified": "2023-03-10T00:43:45Z",
"published": "2022-05-13T01:48:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000075"
},
{
"type": "WEB",
"url": "https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"
},
{
"type": "WEB",
"url": "https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183"
},
{
"type": "WEB",
"url": "https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4219"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3621-1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0663"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0591"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0542"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2028"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"type": "WEB",
"url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "RubyGems Infinite Loop vulnerability"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.