Lucene search

11140 matches found

CVE
added 2025/05/02 3:56 p.m. · 76 views

CVE-2023-53133

CVE-2023-53133 affects the Linux kernel’s BPF sockmap path (tcp_bpf_recvmsg_parser) where a 0-length recvmsg can loop indefinitely. The description and connected advisories confirm the root cause is an infinite loop when len is 0 and that the fix is to return 0 for length 0 in tcp_bpf_recvmsg_par...

CVSS 5.5 · AI score 6.5 · EPSS 0.00149
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2025/05/02 12:0 a.m. · 2 views

PT-2025-18897 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version. Description: The issue is related to an infinite loop error in the tcp_bpf_recvmsg_parser function when the buffer length of the recvmsg system call is 0. This can cause a soft lockup problem...

AI score 5.1 · EPSS 0.00149
Exploits 0 · References 19

CNNVD
added 2025/05/02 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from tcp_bpf_recvmsg_parser not properly handling a len of 0, resulting in an infinite loop error...

CVSS 5.5 · AI score 6.3 · EPSS 0.00149
Exploits 0 · References 4

CNNVD
added 2025/05/01 12:0 a.m. · 0 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an insufficient integer overflow check that could lead to an infinite loop...

CVSS 5.5 · AI score 6.3 · EPSS 0.00177
Exploits 0 · References 8

Positive Technologies
added 2025/05/01 12:0 a.m. · 2 views

PT-2025-18479 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: The issue is related to an integer overflow bug in the Linux kernel when iterating over ATTR_RECORDs in the mft record. This occurs because the kernel calculates the end address of the...

CVSS 8.8 · AI score 7.6 · EPSS 0.0129
Exploits 2 · References 411

Tenable Nessus
added 2025/04/30 12:0 a.m. · 11 views

Amazon Linux AMI : python26 (ALAS-2025-1972)

The version of python26 installed on the remote host is prior to 2.6.9-2.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1972 advisory. A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection e.g...

CVSS 7.5 · AI score 7.2 · EPSS 0.06304
Exploits 0 · References 6

IBM Security Bulletins
added 2025/04/29 1:37 p.m. · 15 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to OpenSSL (CVE-2022-0778)

Summary: OpenSSL is used by DataStage on Cloud Pak for Data as part of secure network communication. Vulnerability Details: CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt function when parsing certificates. By using a specially-craft...

CVSS 7.5 · AI score 9.4 · EPSS 0.70561
Exploits 2 · Affected Software 1

IBM Security Bulletins
added 2025/04/29 1:54 a.m. · 70 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary: IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...

CVSS 9.3 · AI score 10 · EPSS 0.87806
Exploits 2 · Affected Software 1

RedHat Linux
added 2025/04/28 12:20 a.m. · 2 views

Undertow: Infinite loop in SslConduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

CVSS 7.5 · AI score 7.1 · EPSS 0.01771
Exploits 0 · References 5

RedhatCVE
added 2025/04/25 6:33 p.m. · 21 views

CVE-2025-3857

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition tha...

CVSS 8.7 · AI score 6.9 · EPSS 0.00514
Exploits 0 · References 1

OSV
added 2025/04/21 4:19 p.m. · 3 views

GHSA-GM2P-WF5C-W3PJ Infinite loop condition in Amazon.IonDotnet

Summary Amazon.IonDotnet ion-dotnet is a .NET library with an implementation of the Ion data serialization format. An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition. Impact When reading binary Ion...

CVSS 8.7 · AI score 6.8 · EPSS 0.00514
Exploits 0 · References 6

Snyk
added 2025/04/21 4:19 p.m. · 6 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop via the RawBinaryReader class. This is due to a missing check of the number of bytes read from the underlying stream while deserializing the binary format when reading binary Ion data. Remediation Upgrade Amazon.IonDotnet ...

CVSS 8.7 · AI score 6.8 · EPSS 0.00514
Exploits 0 · References 2

GitHub Security Blog
added 2025/04/21 4:19 p.m. · 12 views

Infinite loop condition in Amazon.IonDotnet

Summary Amazon.IonDotnet ion-dotnet is a .NET library with an implementation of the Ion data serialization format. An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition. Impact When reading binary Ion...

CVSS 8.7 · AI score 7.1 · EPSS 0.00514
Exploits 0 · References 6 · Affected Software 1

NVD
added 2025/04/21 4:15 p.m. · 16 views

CVE-2025-3857

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition tha...

CVSS 8.7 · EPSS 0.00514
Exploits 0 · References 3

Vulnrichment
added 2025/04/21 3:13 p.m. · 7 views

CVE-2025-3857 Infinite loop condition in Amazon.IonDotnet

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition tha...

CVSS 8.7 · AI score 7.5 · EPSS 0.00514
Exploits 0 · References 3

CVE
added 2025/04/21 3:13 p.m. · 70 views

CVE-2025-3857

Summary: A vulnerability in Amazon.IonDotnet’s RawBinaryReader can cause an infinite loop when reading binary Ion data if the input is malformed or truncated, due to not checking the number of bytes read from the underlying stream. This could lead to denial of service. Affected versions: Amazon.I...

CVSS 8.7 · AI score 7.5 · EPSS 0.00514
Exploits 0 · References 3

Cvelist
added 2025/04/21 3:13 p.m. · 15 views

CVE-2025-3857 Infinite loop condition in Amazon.IonDotnet

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition tha...

CVSS 8.7 · EPSS 0.00514
Exploits 0 · References 3

Positive Technologies
added 2025/04/21 12:0 a.m. · 7 views

PT-2025-17447 · Amazon · Amazon.Iondotnet

Name of the Vulnerable Software and Affected Versions: Amazon.IonDotnet versions prior to 1.3.1 Description: The issue occurs when reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class. Amazon.IonDotnet does not check the number of bytes read from the underlying stream...

CVSS 8.7 · AI score 6.4 · EPSS 0.00514
Exploits 0 · References 19

GitLab Advisory Database
added 2025/04/21 12:0 a.m. · 13 views

Infinite loop condition in Amazon.IonDotnet

Amazon.IonDotnet ion-dotnet is a .NET library with an implementation of the Ion data serialization format. An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition...

CVSS 8.7 · AI score 6.8 · EPSS 0.00514
Exploits 0 · References 7

Tenable Nessus
added 2025/04/18 12:0 a.m. · 16 views

Azure Linux 3.0 Security Update: qemu (CVE-2023-3255)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3255 advisory. - A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit conditio...

CVSS 6.5 · AI score 6.7 · EPSS 0.01405
Exploits 0 · References 2