Upgraded Q -> 2 from #203 [1699029806392]

Judge has assessed an item in Issue 203 as 2 risk. The relevant finding follows: L-1 Function updateScores spends all gas and reverts if a user has score updated Summary Function updateScores incorrectly handles case when a user’s score is already updated. Vulnerability Details There is a for loo...

CVE-2023-42524

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security...

The vulnerability of the QXmlStreamReader function in the cross-platform framework for Qt software development allows a attacker to cause a service failure.

The vulnerability of the QXmlStreamReader function in the cross-platform software development framework for Qt is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVE-2020-35141

An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service DoS infinite loop...

CVE-2023-34966

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function slunpackloop did not validate a field in the network packet that contains the count of elements in an array-like...

The vulnerability of the JSE component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to induce a service failure.

The vulnerability of the JSE component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVE-2023-36807

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single co...

Debian: Security Advisory (DLA-3451-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-32058 Vyper vulnerable to integer overflow in loop

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

Google Android Denial of Service Vulnerability (CNVD-2023-36103)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that stems from an uncaught exception in the PreferencesHelper.java component, which can be exploited by an attacker to cause the device to get stuck in a boot...

The vulnerability of the Convert::ASN1 module in the data processing library using ASN.1 definitions allows a attacker to cause a service failure.

The vulnerability of the Convert::ASN1 module in the data processing library that uses ASN.1 definitions allows for a loop with an unreachable exit condition. Exploiting this vulnerability can enable a malicious actor to cause service failures...

CVE-2023-27560

Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields...

SUSE CVE-2018-14341

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow...

SUSE CVE-2018-14342

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths...

The vulnerability of the link counting function in the BSS mode of the Linux operating system’s kernel allows a hacker to execute arbitrary code.

The vulnerability of the link counting function in the BSS mode of the Linux operating system’s kernel is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to execute arbitrary code...

PT-2022-35056 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns erroneous memory clean-up loops in the vt6655 staging driver. It was introduced in version v4.18 and fixed in version v6.0.3. The actual impact and attack plausibility have...

The vulnerability of the QEMU hardware emulation software, related to executing a loop with an unavailable exit condition, allows a hacker to trigger a service failure.

The vulnerability of the QEMU hardware emulation engine is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability allows a perpetrator to trigger a service failure...

RHEL 8 : compat-openssl10 (RHSA-2022:5326)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:5326 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Design/Logic Flaw

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a version v1.0.1 onwards contains loop with unreachable exit condition 'infinite loop' vulnerability in ISOBMFF reader filter, isoffinread.c. Function isoffinprocess can result in DoS by infinite loop. To exploit, the victim must...

CVE-2021-40592

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a version v1.0.1 onwards contains loop with unreachable exit condition 'infinite loop' vulnerability in ISOBMFF reader filter, isoffinread.c. Function isoffinprocess can result in DoS by infinite loop. To exploit, the victim must...