Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2026-33814

CVE-2026-33814 describes an infinite loop in HTTP/2 transport when a SETTINGS_MAX_FRAME_SIZE value of 0 is processed in net/http/internal/http2 (golang.org/x/net). Affected component is the HTTP/2 transport; root cause is improper handling of SETTINGS frames causing repeated CONTINUATION frames, ...

EUVD-2026-28420

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

Infinite loop

Overview golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receiv...

GO-2026-4918 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

Infinite loop

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior t...

JLSEC-2026-480 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because...

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition...

JLSEC-2026-474

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

CVE-2026-43863

A flaw was found in mutt, an email client. A remote attacker could exploit this vulnerability by sending specially crafted input, which would trigger an infinite loop in the dataobjecttostream function. This issue, located in the crypt-gpgme.c component, can lead to a Denial of Service DoS, causi...

BIT-DOTNET-SDK-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

BIT-DOTNET-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

Security update for mozjs52

This update for mozjs52 fixes the following issues CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing bsc1259713...

CLSA-2026-1778128255 wireshark: Fix of 8 CVEs

CVE-2022-0585: fix large/infinite loops in multiple dissectors AMP, ATN-ULCS, BP, GDSDB, PMUL, WAP, ZigBee ZCL, OpenFlow v5/v6, IPDC, TDS, ASN.1 PER, FTUINTBYTES/STRING - CVE-2022-4344: fix Kafka dissector memory exhaustion via decompression/loop bounds - CVE-2023-0666: fix RTPS dissector...

hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...