Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1054 vulnerabilities reference this CWE, most recent first.

GHSA-Q684-CG7V-QP6C

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2024-09-12 18:31
VLAI
Details

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10289"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-22T05:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.",
  "id": "GHSA-q684-cg7v-qp6c",
  "modified": "2024-09-12T18:31:37Z",
  "published": "2022-05-13T01:04:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10289"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699271"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?2e43685dc8a8a886fc9df9b3663cf199404f7637"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6CX-7X3W-57HW

Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI
Details

hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8112"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-02T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.",
  "id": "GHSA-q6cx-7x3w-57hw",
  "modified": "2022-05-13T01:16:20Z",
  "published": "2022-05-13T01:16:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8112"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445621"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201706-03"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/04/26/5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6GQ-997W-F55G

Vulnerability from github – Published: 2021-12-16 19:16 – Updated: 2025-10-14 19:37
VLAI
Summary
Withdrawn Advisory: Infinite loop in xz
Details

Withdrawn Advisory

This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time.

Original Description

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ulikunitz/xz"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-16845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-18T22:05:40Z",
    "nvd_published_at": "2020-08-06T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Withdrawn Advisory\nThis advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time.\n\n### Original Description\nGo before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.",
  "id": "GHSA-q6gq-997w-f55g",
  "modified": "2025-10-14T19:37:19Z",
  "published": "2021-12-16T19:16:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ulikunitz/xz/issues/35"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200924-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4848"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Withdrawn Advisory: Infinite loop in xz",
  "withdrawn": "2025-10-14T19:37:18Z"
}

GHSA-Q74V-9PHF-C8WH

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2025-04-20 03:38
VLAI
Details

QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-08T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.",
  "id": "GHSA-q74v-9phf-c8wh",
  "modified": "2025-04-20T03:38:42Z",
  "published": "2022-05-13T01:13:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9310"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2392"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452620"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201706-03"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4154c7e03fa55b4cf52509a83d50d6c09d743b7"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3920"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/05/31/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98766"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7P8-H39R-CM7R

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06
VLAI
Details

In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-15T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.",
  "id": "GHSA-q7p8-h39r-cm7r",
  "modified": "2022-05-24T17:06:21Z",
  "published": "2022-05-24T17:06:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1600"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10979"
    },
    {
      "type": "WEB",
      "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1402185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q7WX-433J-27HV

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2025-03-11 12:30
VLAI
Details

A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Nucleus 4 (All versions \u003c V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values.",
  "id": "GHSA-q7wx-433j-27hv",
  "modified": "2025-03-11T12:30:58Z",
  "published": "2022-05-24T17:48:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25664"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-248289.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q844-WPFG-W2H9

Vulnerability from github – Published: 2024-09-13 09:30 – Updated: 2024-09-19 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

libfs: fix infinite directory reads for offset dir

After we switch tmpfs dir operations from simple_dir_operations to simple_offset_dir_operations, every rename happened will fill new dentry to dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free key starting with octx->newx_offset, and then set newx_offset equals to free key + 1. This will lead to infinite readdir combine with rename happened at the same time, which fail generic/736 in xfstests(detail show as below).

  1. create 5000 files(1 2 3...) under one dir
  2. call readdir(man 3 readdir) once, and get one entry
  3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)
  4. loop 2~3, until readdir return nothing or we loop too many times(tmpfs break test with the second condition)

We choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite directory reads") to fix it, record the last_index when we open dir, and do not emit the entry which index >= last_index. The file->private_data now used in offset dir can use directly to do this, and we also update the last_index when we llseek the dir file.

[brauner: only update last_index after seek when offset is zero like Jan suggested]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-13T07:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\u0027s maple tree(\u0026SHMEM_I(inode)-\u003edir_offsets-\u003emt) with a free\nkey starting with octx-\u003enewx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, \"TEMPFILE\"), then rename(\"TEMPFILE\", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf (\"btrfs: fix infinite\ndirectory reads\") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index \u003e= last_index. The file-\u003eprivate_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]",
  "id": "GHSA-q844-wpfg-w2h9",
  "modified": "2024-09-19T15:30:49Z",
  "published": "2024-09-13T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46701"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q8C2-FV73-QC5X

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-07T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
  "id": "GHSA-q8c2-fv73-qc5x",
  "modified": "2022-05-13T01:23:17Z",
  "published": "2022-05-13T01:23:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18024"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/1337"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4034-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q8MX-78GM-98MH

Vulnerability from github – Published: 2023-01-20 21:30 – Updated: 2023-02-02 18:30
VLAI
Details

When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-20T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.",
  "id": "GHSA-q8mx-78gm-98mh",
  "modified": "2023-02-02T18:30:30Z",
  "published": "2023-01-20T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33642"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/src-openeuler/byacc/commit/50225f48c6b53e9d7c936681a06682404cb8ec4d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q98G-HXG3-268C

Vulnerability from github – Published: 2024-08-22 21:31 – Updated: 2025-11-04 00:31
VLAI
Details

There is a HIGH severity vulnerability affecting the CPython "zipfile" module.

When iterating over names of entries in a zip archive (for example, methods of "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-22T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.ZipFile\" like \"namelist()\", \"iterdir()\", \"extractall()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.",
  "id": "GHSA-q98g-hxg3-268c",
  "modified": "2025-11-04T00:31:17Z",
  "published": "2024-08-22T21:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8088"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/issues/123270"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/issues/122905"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/pull/122906"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/9cd03263100ddb1657826cc4a71470786cab3932"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/95b073bddefa6243effa08e131e297c0383e7f6a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/7e8883a3f04d308302361aeffc73e0e9837f19d4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/7bc367e464ce50b956dd232c1dfa1cad4e7fb814"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/2231286d78d328c2f575e0b05b16fe447d1656d6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20241011-0010"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/08/22/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/08/22/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/08/23/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/08/23/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.