16568 matches found
Infinite loop
Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Infinite loop through the expand function when processing a brace pattern with a zero step value. An attacker can cause the process to hang and exhaust system memory by...
GHSA-F886-M6HF-6M8V brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Impact A brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. The loop in question:...
brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Impact A brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. The loop in question:...
Infinite loop
Overview brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Infinite loop through the expand function when processing a brace pattern with a zero step value. An attacker can cause the process to hang and exhaust system memory by supplyin...
CVE-2026-33487
goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...
RLSA-2026:5080 Important: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
CVE-2026-33487
The connected GHSA entry details a concrete vulnerability in goxmldsig: the validateSignature loop captures the loop variable by reference (ref = &_ref) when iterating signedInfo.References, causing the ref pointer to alias the last element. This can let an attacker substitute one referenced elem...
CVE-2026-33487
goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...
CVE-2026-33487 goxmldsig has validateSignature Loop Variable Capture Signature Bypass
goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...
CVE-2026-33487 goxmldsig has validateSignature Loop Variable Capture Signature Bypass
goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...
CVE-2026-33487 goxmldsig has validateSignature Loop Variable Capture Signature Bypass
goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...
CVE-2026-30911
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
CVE-2026-4179
Issues in stm32 USB device driver drivers/usb/device/usbdcstm32.c can lead to an infinite while loop...
CVE-2026-32873
ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handletrailers function where rejected trailer headers forbidden or undeclared cause an infinite loop. When handletrailers encounters such a trailer, three code paths lines 520, 523, 526 recurse with the original buffer...
CVE-2026-32256
music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Version 11.12.3 fixe...
can: ucan: Fix infinite loop from zero-length messages
...
PT-2026-28556
Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.4.0 Description A Denial of Service DoS issue exists in the node-forge library due to an infinite loop within the BigInteger.modInverse function, inherited from the bundled jsbn library. When modInverse is called...
PT-2026-28359
Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ undefined behavior triggered by a 1-phase ↔ 3-phase switch request ac switch three phases while charging...
Infinite loop
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop in the readfromstream function of DictionaryObject. An attacker can cause the application to enter an infinite loop ...
GHSA-87MJ-5GGW-8QC3 pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. Patches This has been fixed in pypdf==6.9.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3693...