316 matches found

OSV
added 2025/06/07 8:15 a.m. | 10 views

CVE-2025-5399

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

CVSS 7.5 | AI score 7 | EPSS 0.01226
Exploits: 1 | References: 4

OSV
added 2025/06/07 8:15 a.m. | 1 view

DEBIAN-CVE-2025-5399

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

CVSS 7.5 | AI score 7 | EPSS 0.01226
Exploits: 1 | References: 1

Cvelist
added 2025/06/07 7:49 a.m. | 19 views

CVE-2025-5399 WebSocket endless loop

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

EPSS 0.01226
Exploits: 1 | References: 3

CVE
added 2025/06/07 7:49 a.m. | 152 views

CVE-2025-5399

CVE-2025-5399 affects libcurl’s WebSocket handling. The defect in curl_ws_send/curl WebSocket code can cause a malicious server to trigger an endless busy-loop, leading to denial of service as the application hangs until process termination. Public details confirm the issue arises from a WebSocke...

CVSS 7.5 | AI score 6.3 | EPSS 0.01226
Exploits: 1 | References: 4 | Affected Software: 1

SUSE CVE
added 2025/06/05 3:22 a.m. | 1 view

SUSE CVE-2025-5399

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

CVSS 6.5 | AI score 6.9 | EPSS 0.01226
Exploits: 1 | References: 6

Slackware Linux
added 2025/06/05 12:08 a.m. | 18 views

[slackware-security] curl

New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.14.1-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: WebSocket endless loop. For more information, see:...

CVSS 7.5 | AI score 6.7 | EPSS 0.01226
Exploits: 1

OSV
added 2025/06/04 8:00 a.m. | 15 views

CURL-CVE-2025-5399 WebSocket endless loop

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

CVSS 7.5 | AI score 7 | EPSS 0.01226
Exploits: 1

RedhatCVE
added 2025/05/23 7:14 a.m. | 4 views

CVE-2024-53980

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send an IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results in an endless...

CVSS 7.5 | AI score 7 | EPSS 0.00711
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:06 p.m. | 5 views

CVE-2021-42084

An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.00898
Exploits: 0

RedhatCVE
added 2025/05/22 10:31 a.m. | 8 views

CVE-2019-14207

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object caused by an append error...

CVSS 7.5 | AI score 6.7 | EPSS 0.02169
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/04 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-19451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus...

CVSS 5.5 | AI score 6 | EPSS 0.0037
Exploits: 0 | References: 3

NVD
added 2025/01/11 1:15 p.m. | 3 views

CVE-2024-53685

In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX. If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless retry loop, effectively blocking the whole task. Most of the...

CVSS 5.5 | EPSS 0.00217
Exploits: 0 | References: 8

CVE
added 2025/01/11 12:35 p.m. | 2367 views

CVE-2024-53685

CVE-2024-53685 concerns the Linux kernel Ceph path construction: when the full path built by ceph_mdsc_build_path() exceeds PATH_MAX, the function enters an endless retry loop, effectively DoS-ing the system. The description notes the fix is to remove the retry and fail with ENAMETOOLONG instead,...

CVSS 5.5 | AI score 6.5 | EPSS 0.00217
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2024/11/29 6:56 p.m. | 3 views

CVE-2024-53980 Spoofed length byte traps CC2538 in endless loop

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send an IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results in an endless...

CVSS 6.9 | AI score 6.8 | EPSS 0.00711
Exploits: 1 | References: 9

Cvelist
added 2024/11/29 6:56 p.m. | 15 views

CVE-2024-53980 Spoofed length byte traps CC2538 in endless loop

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send an IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results in an endless...

CVSS 6.9 | EPSS 0.00711
Exploits: 1 | References: 7

CVE
added 2024/11/29 6:56 p.m. | 3422 views

CVE-2024-53980

RIOT OS vulnerability affecting CC2538 radio reception. A malicious actor can send an IEEE 802.15.4 packet with a spoofed length byte (and optionally spoofed FCS), causing the receiver to enter an endless loop. The root cause is the CRC position check: before PR #20998 the code used the full 8 bit...

CVSS 7.5 | AI score 6.6 | EPSS 0.00711
Exploits: 1 | References: 7 | Affected Software: 1

Vulnrichment
added 2024/11/29 6:56 p.m. | 11 views

CVE-2024-53980 Spoofed length byte traps CC2538 in endless loop

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send an IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results in an endless...

CVSS 6.9 | AI score 6.6 | EPSS 0.00711
Exploits: 1 | References: 7

OSV
added 2024/10/04 5:27 a.m. | 11 views

MGASA-2024-0323 Updated openjpeg2 packages fix security vulnerability

Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. CVE-2023-39327...

CVSS 4.3 | AI score 4.7 | EPSS 0.00498
Exploits: 0 | References: 3

Microsoft CVE
added 2024/08/15 7:00 a.m. | 4 views

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

...

CVSS 7.8 | AI score 9.3 | EPSS 0.09082
Exploits: 0

Tenable Nessus
added 2024/06/24 12:00 a.m. | 29 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...

CVSS 8.2 | AI score 7.1 | EPSS 0.00693
Exploits: 6 | References: 18