58 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: Fixed an infinite busy loop after the timeout period has expired. After the commit 0a65bc27bd64 “eventpoll: Sets the epoll timeout if it’s in the future”, the following program would immediately enter an infinite bu...
DEBIAN-CVE-2026-42577
Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...
UBUNTU-CVE-2026-42577
Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...
Snappier has an infinite loop during SnappyStream decompression with malformed framed input
Summary Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. Details The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact...
JLSEC-2026-434 Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted...
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
JLSEC-2026-390
libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...
CVE-2022-42324
Oxenstored 32-31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most...
EUVD-2025-27869
Malicious code in bioql PyPI...
Security update for curl
This update for curl fixes the following issues: CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets bsc1243933. CVE-2025-5025: No QUIC certificate pinning with wolfSSL bsc1243706. CVE-2025-4947: QUIC certificate check skip with wolfSS...
Linux Distros Unpatched Vulnerability : CVE-2025-38017
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64...
CVE-2025-38017
In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 "eventpoll: Set epoll timeout if it's in the future", the following program would immediately enter a busy loop in the kernel: int main int e...
CVE-2025-38017
In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 "eventpoll: Set epoll timeout if it's in the future", the following program would immediately enter a busy loop in the kernel: int main int e...
UBUNTU-CVE-2025-38017
In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 "eventpoll: Set epoll timeout if it's in the future", the following program would immediately enter a busy loop in the kernel: int main int e...
CVE-2025-38017
CVE-2025-38017 affects the Linux kernel, specifically the fs/eventpoll path used by epoll_pwait2. After the fix in the commit described as setting epoll timeout when in the future, a non-zero timeout (e.g., 1 ns) could cause an endless busy loop if the timeout expires before ep_poll() is entered,...
CVE-2025-38017 fs/eventpoll: fix endless busy loop after timeout has expired
In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 "eventpoll: Set epoll timeout if it's in the future", the following program would immediately enter a busy loop in the kernel: int main int e...
CVE-2025-38017
In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 "eventpoll: Set epoll timeout if it's in the future", the following program would immediately enter a busy loop in the kernel: int main int e...
CVE-2025-38017 fs/eventpoll: fix endless busy loop after timeout has expired
In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 "eventpoll: Set epoll timeout if it's in the future", the following program would immediately enter a busy loop in the kernel: int main int e...
CVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
ALPINE-CVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion
A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...