CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

CVE-2026-10642 Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

6.5CVSS0.00175EPSS

Exploits0References2

OSV•added 2026/05/13 7:17 p.m.•4 views

DEBIAN-CVE-2026-42577

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

7.5CVSS5.8AI score0.00408EPSS

Exploits0References1

OSV•added 2026/05/13 7:17 p.m.•3 views

UBUNTU-CVE-2026-42577

7.5CVSS5.8AI score0.00408EPSS

Exploits0References5

Github Security Blog•added 2026/05/06 8:53 p.m.•12 views

Snappier has an infinite loop during SnappyStream decompression with malformed framed input

Summary Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. Details The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact...

7.5CVSS5.8AI score0.00263EPSS

Exploits0References3Affected Software1

OSV•added 2026/05/04 1:12 p.m.•6 views

JLSEC-2026-434 Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted...

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

7.5CVSS5.8AI score0.01226EPSS

Exploits1References6

OSV•added 2026/05/04 1:12 p.m.•7 views

JLSEC-2026-390

libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...

7.5CVSS6.8AI score0.02434EPSS

Exploits1References10

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: Fixed an infinite busy loop after the timeout has expired. After the commit 0a65bc27bd64 “eventpoll: Sets the epoll timeout if it’s in the future”, the following program would immediately enter a busy loop in the...

5.5CVSS5.3AI score0.00137EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 10:52 a.m.•6 views

CVE-2022-42324

Oxenstored 32-31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most...

5.5CVSS6.7AI score0.0027EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-27869

Malicious code in bioql PyPI...

6.4AI score0.00137EPSS

Exploits0References2

SUSE Linux•added 2025/09/09 10:22 a.m.•2 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets bsc1243933. CVE-2025-5025: No QUIC certificate pinning with wolfSSL bsc1243706. CVE-2025-4947: QUIC certificate check skip with wolfSS...

8.3CVSS7.1AI score0.01226EPSS

Exploits4References18

Tenable Nessus•added 2025/08/05 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-38017

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64...

5.5CVSS5AI score0.00137EPSS

Exploits0References2

RedhatCVE•added 2025/06/20 4:43 p.m.•4 views

CVE-2025-38017

In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 "eventpoll: Set epoll timeout if it's in the future", the following program would immediately enter a busy loop in the kernel: int main int e...

7CVSS7.2AI score0.00137EPSS

Exploits0References4

NVD•added 2025/06/18 10:15 a.m.•5 views

CVE-2025-38017

5.5CVSS0.00137EPSS

Exploits0References2

OSV•added 2025/06/18 10:15 a.m.•0 views

UBUNTU-CVE-2025-38017

5.5CVSS5.8AI score0.00137EPSS

Exploits0References5

Cvelist•added 2025/06/18 9:28 a.m.•9 views

CVE-2025-38017 fs/eventpoll: fix endless busy loop after timeout has expired

0.00137EPSS

Exploits0References2

CVE•added 2025/06/18 9:28 a.m.•17 views

CVE-2025-38017

CVE-2025-38017 affects the Linux kernel, specifically the fs/eventpoll path used by epoll_pwait2. After the fix in the commit described as setting epoll timeout when in the future, a non-zero timeout (e.g., 1 ns) could cause an endless busy loop if the timeout expires before ep_poll() is entered,...

5.5CVSS6.5AI score0.00137EPSS

Exploits0References2Affected Software1