Closed
Open
Created Mar 14, 2024 by Administrator (@root, Maintainer)

Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Loop with Unreachable Exit Condition ('Infinite Loop')

Created by: armorcodegithubpreprod[bot]

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1.29b-1.1+deb9u1
  • Vulnerable Path: null

NVD Description

Note: Versions mentioned in the description apply to the upstream tar package. See How to fix? for Debian:9 relevant versions.

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

Origin : null Type : null Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <2.9.4+dfsg1-2.2+deb9u3
  • Vulnerable Path: null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Debian:9 relevant versions.

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

Origin : null Type : null Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): *
  • Vulnerable Path: null

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package.

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

Origin : null Type : null Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): *
  • Vulnerable Path: null

NVD Description

Note: Versions mentioned in the description apply to the upstream avahi package.

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Origin : null Type : null Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <2.36.5-2+deb9u2
  • Vulnerable Path: null

NVD Description

Note: Versions mentioned in the description apply to the upstream gdk-pixbuf package. See How to fix? for Debian:9 relevant versions.

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

Origin : null Type : null Image Id : null

Snyk Project Status: Active


