Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-VXH7-CXQM-X83V

Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-29 18:30
VLAI
Details

In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749702

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-24T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749702",
  "id": "GHSA-vxh7-cxqm-x83v",
  "modified": "2023-03-29T18:30:30Z",
  "published": "2023-03-24T21:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20997"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2023-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXR4-JXWH-JJCG

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:36
VLAI
Details

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-12T23:59:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.",
  "id": "GHSA-vxr4-jxwh-jjcg",
  "modified": "2025-04-20T03:36:01Z",
  "published": "2022-05-13T01:47:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7746"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13576"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=58e69cc769dea24b721abd8a29f9eedc11024b7e"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=58e69cc769dea24b721abd8a29f9eedc11024b7e"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2017-19.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97635"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W275-M8CR-HF2V

Vulnerability from github – Published: 2024-02-08 06:30 – Updated: 2024-10-02 18:38
VLAI
Summary
Liferay Portal denial-of-service vulnerability
Details

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.portal.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.2.0"
            },
            {
              "fixed": "7.4.3.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.dxp.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.2.0"
            },
            {
              "fixed": "7.2.10.fp19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.dxp.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.3.0"
            },
            {
              "fixed": "7.3.10.u6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.dxp.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.4.0"
            },
            {
              "fixed": "7.4.13.u27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-25144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-834",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-08T18:26:20Z",
    "nvd_published_at": "2024-02-08T04:15:07Z",
    "severity": "MODERATE"
  },
  "details": "The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.",
  "id": "GHSA-w275-m8cr-hf2v",
  "modified": "2024-10-02T18:38:40Z",
  "published": "2024-02-08T06:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25144"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/liferay/liferay-portal"
    },
    {
      "type": "WEB",
      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Liferay Portal denial-of-service vulnerability"
}

GHSA-W2GG-J3HP-GFQV

Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 18:31
VLAI
Details

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to incorrect processing of traffic that is inspected by an affected device. An attacker could exploit this vulnerability by sending crafted traffic through the affected device. A successful exploit could allow the attacker to cause the affected device to enter an infinite loop while inspecting traffic, resulting in a DoS condition. The system watchdog will restart the Snort process automatically.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-14T17:15:35Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\nThis vulnerability is due to incorrect processing of traffic that is inspected by an affected device. An attacker could exploit this vulnerability by sending crafted traffic through the affected device. A successful exploit could allow the attacker to cause the affected device to enter an infinite loop while inspecting traffic, resulting in a DoS condition. The system watchdog will restart the Snort process automatically.",
  "id": "GHSA-w2gg-j3hp-gfqv",
  "modified": "2025-08-14T18:31:29Z",
  "published": "2025-08-14T18:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20217"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-SvKhtjgt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W394-4962-55G6

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-10-26 12:00
VLAI
Details

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27385"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-12T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions \u003c V16 Update 4). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.",
  "id": "GHSA-w394-4962-55g6",
  "modified": "2022-10-26T12:00:38Z",
  "published": "2022-05-24T19:02:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27385"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W3RX-R6R6-PGPR

Vulnerability from github – Published: 2026-06-10 15:31 – Updated: 2026-06-10 15:31
VLAI
Details

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-10T14:16:30Z",
    "severity": "HIGH"
  },
  "details": "image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.",
  "id": "GHSA-w3rx-r6r6-pgpr",
  "modified": "2026-06-10T15:31:30Z",
  "published": "2026-06-10T15:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71330"
    },
    {
      "type": "WEB",
      "url": "https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-malformed-icns-image-parsing"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W4Q8-8R22-VPJC

Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 18:31
VLAI
Details

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. 

This vulnerability is due to an infinite loop condition that occurs when a Cisco Secure ASA or Cisco Secure FTD device processes DNS packets with DNS inspection enabled and the device is configured for NAT44, NAT64, or NAT46. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static NAT rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to create an infinite loop and cause the device to reload, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20136"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-14T17:15:35Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\u0026nbsp;\n\nThis vulnerability is due to an infinite loop condition that occurs when a Cisco Secure ASA or Cisco Secure FTD device processes DNS packets with DNS inspection enabled and the device is configured for NAT44, NAT64, or NAT46. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static NAT rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to create an infinite loop and cause the device to reload, resulting in a DoS condition.",
  "id": "GHSA-w4q8-8r22-vpjc",
  "modified": "2025-08-14T18:31:29Z",
  "published": "2025-08-14T18:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20136"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-nat-dns-dos-bqhynHTM"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W4RP-W99F-63VQ

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13984"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-11T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.",
  "id": "GHSA-w4rp-w99f-63vq",
  "modified": "2022-05-24T17:36:00Z",
  "published": "2022-05-24T17:36:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13984"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/815128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-W5FX-CX7F-6VR9

Vulnerability from github – Published: 2023-10-09 06:30 – Updated: 2024-10-30 18:06
VLAI
Summary
MediaWiki Denial of Service vulnerability
Details

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "mediawiki/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.35.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "mediawiki/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.36.0"
            },
            {
              "fixed": "1.39.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "mediawiki/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.40.0"
            },
            {
              "fixed": "1.40.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.40.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-45363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-30T18:06:32Z",
    "nvd_published_at": "2023-10-09T05:15:09Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.",
  "id": "GHSA-w5fx-cx7f-6vr9",
  "modified": "2024-10-30T18:06:32Z",
  "published": "2023-10-09T06:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wikimedia/mediawiki"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://phabricator.wikimedia.org/T333050"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5520"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "MediaWiki Denial of Service vulnerability"
}

GHSA-W7G3-8FQ6-H7F2

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-01-23 15:30
VLAI
Details

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10; v3.4 versions prior to 3.4.19.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-23T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10; v3.4 versions prior to 3.4.19.",
  "id": "GHSA-w7g3-8fq6-h7f2",
  "modified": "2024-01-23T15:30:56Z",
  "published": "2022-05-24T17:34:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20803"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-38070"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.