sigstore-go has an unbounded loop over untrusted input can lead to endless data attack

Impact sigstore-go is susceptible to a denial of service attack when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these...

CVE-2024-45395 Unbounded loop over untrusted input can lead to endless data attack

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...

CVE-2024-45395 Unbounded loop over untrusted input can lead to endless data attack

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...

BIT-MEDIAWIKI-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service unbounded loop and RequestTimeoutException when querying pages redirected to other variants with redirects and...

Debian dla-3671 : mediawiki - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3671 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3671-1 [email protected]...

kernel: dm crypt: add cond_resched() to dmcrypt_write()

In the Linux kernel, the following vulnerability has been resolved: dm crypt: add condresched to dmcryptwrite The loop in dmcryptwrite may be running for unbounded amount of time, thus we need condresched in it. This commit fixes the following warning: 3391.153255 C12 watchdog: BUG: soft lockup -...

GHSA-W5FX-CX7F-6VR9 MediaWiki Denial of Service vulnerability

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service unbounded loop and RequestTimeoutException when querying pages redirected to other variants with redirects and...

CVE-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service unbounded loop and RequestTimeoutException when querying pages redirected to other variants with redirects and...

CVE-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service unbounded loop and RequestTimeoutException when querying pages redirected to other variants with redirects and...

DEBIAN-CVE-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service unbounded loop and RequestTimeoutException when querying pages redirected to other variants with redirects and...

UBUNTU-CVE-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service unbounded loop and RequestTimeoutException when querying pages redirected to other variants with redirects and...

CVE-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service unbounded loop and RequestTimeoutException when querying pages redirected to other variants with redirects and...

CVE-2023-45363

The CVE-2023-45363 issue affects MediaWiki and specifically the ApiPageSet.php path. Affected variants include MediaWiki releases before 1.35.12, 1.36.x–1.39.x before 1.39.5, and 1.40.x before 1.40.1. The vulnerability allows a denial of service via an unbounded loop when querying pages redirecte...

Unbounded Loop in DNS Name Encoder Library

Lines of code Vulnerability details Impact The unchecked keyword disables overflow and underflow checks for arithmetic operations, which can cause unexpected behavior if the loop is not properly bounded. In this specific case, the loop is not properly bounded, which can cause the loop to run...

SUSE CVE-2018-10534

The bfdXXbfdcopyprivatebfddatacommon function in peXXigen.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of externalIMAGEDEBUGDIRECTORY edd so that the address...

[M-01] emitUserMetadata function may fail due to exceed gas limit

Lines of code Vulnerability details Impact The function emitUserMetadata in DripsHub may fail due to unbounded loop over userMetadata can be very large due to the user input. However, function could be called only from drivers, it's still public and large array could be passed. And the loop in...

Unbounded loop can block claim

Lines of code Vulnerability details Unbounded loop can block claim Impact There are no bounds on the number of rewardTokens in the loop, this can run out of gas due to cost of the operations. Proof Of Concept function claimERC20 producerToken, address user external ... uint256 rLen =...

Potential DoS in unbounded for loop

Lines of code Vulnerability details Proof of Concept The function facets in Getters.sol iterates over the DiamondStorage facets array. In Diamond.sol we can see that by calling diamondCut in a way that saveFacetIfNew gets called, the diamond owner can add an indefinite amount of entries. If this ...

Unbounded loop in BaseV1-core.sol could lead to a griefing/DOS attack

Lines of code Vulnerability details Denial Of Service Attack Denial-of-service attacks: Attacks that cause DoS are called DoS attacks. The purpose is to disable the computer or network from providing normal service. Description: As this array can grow quite large, the transaction’s gas cost could...

Possible DOS in lendToProject() and toggleLendingNeeded() function because unbounded loop can run out of gas

Lines of code Vulnerability details Impact In Project contract, the lendToProject function might not be available to be called if there are a lot of Task in tasks list of project. It means that the project cannot be funded by either builder or community owner. This can happen because lendToProjec...