Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1057 vulnerabilities reference this CWE, most recent first.

GHSA-GGGQ-J347-R3W6

Vulnerability from github – Published: 2025-03-27 15:31 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tee: optee: Fix supplicant wait loop

OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It becomes more complicated when there is incorrect shutdown ordering of the supplicant process vs the OP-TEE client application which can eventually lead to system hang-up waiting for the closure of the client application.

Allow the client process waiting in kernel for supplicant response to be killed rather than indefinitely waiting in an unkillable state. Also, a normal uninterruptible wait should not have resulted in the hung-task watchdog getting triggered, but the endless loop would.

This fixes issues observed during system reboot/shutdown when supplicant got hung for some reason or gets crashed/killed which lead to client getting hung in an unkillable state. It in turn lead to system being in hung up state requiring hard power off/on to recover.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T14:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
  "id": "GHSA-gggq-j347-r3w6",
  "modified": "2025-11-03T21:33:13Z",
  "published": "2025-03-27T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21871"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0180cf0373f84fff61b16f8c062553a13dd7cfca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21234efe2a8474a6d2d01ea9573319de7858ce44"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3eb4911364c764572e9db4ab900a57689a54e8ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70b0d6b0a199c5a3ee6c72f5e61681ed6f759612"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0a9a948159153be145f9471435695373904ee6d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d61cc1a435e6894bfb0dd3370c6f765d2d12825d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec18520f5edc20a00c34a8c9fdd6507c355e880f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd9d2d6124c293e40797a080adf8a9c237efd8b8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GH28-WW79-7H4V

Vulnerability from github – Published: 2026-05-12 00:31 – Updated: 2026-05-12 00:31
VLAI
Details

barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a crafted directory entry containing a direntlen value of 0 to cause an infinite loop during directory listing or path resolution, resulting in the boot process hanging indefinitely.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34962"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-11T23:19:47Z",
    "severity": "MODERATE"
  },
  "details": "barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a crafted directory entry containing a direntlen value of 0 to cause an infinite loop during directory listing or path resolution, resulting in the boot process hanging indefinitely.",
  "id": "GHSA-gh28-ww79-7h4v",
  "modified": "2026-05-12T00:31:15Z",
  "published": "2026-05-12T00:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34962"
    },
    {
      "type": "WEB",
      "url": "https://github.com/barebox/barebox"
    },
    {
      "type": "WEB",
      "url": "https://github.com/barebox/barebox/releases/tag/v2026.04.0"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/barebox-ext4-directory-parsing-infinite-loop-denial-of-service"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GH4V-V2HH-G9M6

Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-06 15:30
VLAI
Details

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-29T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203.",
  "id": "GHSA-gh4v-v2hh-g9m6",
  "modified": "2023-04-06T15:30:18Z",
  "published": "2023-03-29T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37013"
    },
    {
      "type": "WEB",
      "url": "https://documentation.unified-automation.com/uasdkcpp/1.7.7/CHANGELOG.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1029"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GH88-3PXP-6FM8

Vulnerability from github – Published: 2022-01-21 23:39 – Updated: 2022-01-21 21:04
VLAI
Summary
Infinite Loop in colors.js
Details

The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "colors"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23567"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-21T21:04:45Z",
    "nvd_published_at": "2022-01-14T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers\u0027 controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i \u003c Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0",
  "id": "GHSA-gh88-3pxp-6fm8",
  "modified": "2022-01-21T21:04:45Z",
  "published": "2022-01-21T23:39:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23567"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Marak/colors.js/issues/285"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Marak/colors.js/issues/285%23issuecomment-1008212640"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6%23diff-92bbac9a308cd5fcf9db165841f2d90ce981baddcb2b1e26cfff170929af3bd1R18"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Marak/colors.js"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/blog/open-source-maintainer-pulls-the-plug-on-npm-packages-colors-and-faker-now-what"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-COLORS-2331906"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Infinite Loop in colors.js"
}

GHSA-GH8J-2PGF-X458

Vulnerability from github – Published: 2021-09-13 20:05 – Updated: 2024-10-26 18:35
VLAI
Summary
Infinite Loop in rencode
Details

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rencode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-40839"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-13T19:11:37Z",
    "nvd_published_at": "2021-09-10T02:15:00Z",
    "severity": "HIGH"
  },
  "details": "The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\\x2f\\x7f), enabling a remote attack that consumes CPU and memory.",
  "id": "GHSA-gh8j-2pgf-x458",
  "modified": "2024-10-26T18:35:18Z",
  "published": "2021-09-13T20:05:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40839"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aresch/rencode/pull/29"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-gh8j-2pgf-x458"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aresch/rencode"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/rencode/PYSEC-2021-345.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMVQRPDVSVZNGGX57CFKCYT3DEYO4QB6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCLETLGVM5DBX6QNHQFW6TWGO5T3DENY"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/rencode/#history"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2021/Sep/16"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20211008-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Infinite Loop in rencode"
}

GHSA-GHP6-Q6JG-FC8Q

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43
VLAI
Details

In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-18T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.",
  "id": "GHSA-ghp6-q6jg-fc8q",
  "modified": "2022-05-13T01:43:48Z",
  "published": "2022-05-13T01:43:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15602"
    },
    {
      "type": "WEB",
      "url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GHVX-46W7-4V7R

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-07T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.",
  "id": "GHSA-ghvx-46w7-4v7r",
  "modified": "2022-05-13T01:42:40Z",
  "published": "2022-05-13T01:42:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12412"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cn-uofbasel/ccn-lite/issues/128"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJ7R-55X2-8VV5

Vulnerability from github – Published: 2022-09-10 00:00 – Updated: 2022-09-16 00:00
VLAI
Details

PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37819"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-09T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.",
  "id": "GHSA-gj7r-55x2-8vv5",
  "modified": "2022-09-16T00:00:40Z",
  "published": "2022-09-10T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37819"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21/diffs?commit_id=9b0cbb76c8434a8505f02ada02a94263dcae9247#diff-content-b3cfd29983c793bcae2375502abd5baa8f5d1081"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJ9G-P4V8-HQFC

Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49
VLAI
Details

GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-17T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).",
  "id": "GHSA-gj9g-p4v8-hqfc",
  "modified": "2022-05-13T01:49:56Z",
  "published": "2022-05-13T01:49:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14347"
    },
    {
      "type": "WEB",
      "url": "https://gnunet.org/bugs/view.php?id=5399"
    },
    {
      "type": "WEB",
      "url": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4290"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GM2P-WF5C-W3PJ

Vulnerability from github – Published: 2025-04-21 16:19 – Updated: 2025-10-14 21:59
VLAI
Summary
Infinite loop condition in Amazon.IonDotnet
Details

Summary

Amazon.IonDotnet (ion-dotnet) is a .NET library with an implementation of the Ion data serialization format.

An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition.

Impact

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service.

Impacted versions: <=1.3.0

Patches

This issue has been addressed in Amazon.IonDotnet version 1.3.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.

Workarounds

There are no workarounds. Upgrade to version 1.3.1.

References

If you have any questions or comments about this advisory, contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Credit

We would like to thank Josh Coleman from Symbotic for collaborating on this issue through the coordinated vulnerability disclosure process.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Amazon.IonDotnet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-3857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-21T16:19:20Z",
    "nvd_published_at": "2025-04-21T16:15:54Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\n[Amazon.IonDotnet (ion-dotnet)](https://github.com/amazon-ion/ion-dotnet) is a .NET library with an implementation of the [Ion data serialization format](https://amazon-ion.github.io/ion-docs/).\n\nAn issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition.\n\n## Impact\n\nWhen reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service.\n\n**Impacted versions: \u003c=1.3.0**\n\n## Patches\n\nThis issue has been addressed in Amazon.IonDotnet version [1.3.1](https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.1). We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.\n\n## Workarounds\n\nThere are no workarounds. Upgrade to version 1.3.1.\n\n## References\n\nIf you have any questions or comments about this advisory, contact AWS/Amazon Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.\n\n## Credit\n\nWe would like to thank Josh Coleman from Symbotic for collaborating on this issue through the coordinated vulnerability disclosure process.",
  "id": "GHSA-gm2p-wf5c-w3pj",
  "modified": "2025-10-14T21:59:16Z",
  "published": "2025-04-21T16:19:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-gm2p-wf5c-w3pj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3857"
    },
    {
      "type": "WEB",
      "url": "https://github.com/amazon-ion/ion-dotnet/commit/34a4f5215eceac1bb7bf434c4f2310d64d1b703b"
    },
    {
      "type": "WEB",
      "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-009"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/amazon-ion/ion-dotnet"
    },
    {
      "type": "WEB",
      "url": "https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Infinite loop condition in Amazon.IonDotnet"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.