Vulnerabilities > CVE-2023-29407 - Excessive Iteration vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

golang

fedoraproject

CWE-834

NVD

Published: 2023-08-02

Updated: 2023-11-07

Summary

A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.

Vulnerable Configurations

Part	Description	Count
Application	Golang Golang Image 0.1.0 Golang Image 0.2.0 Golang Image 0.3.0 Golang Image 0.4.0 Golang Image 0.5.0 Golang Image 0.6.0 Golang Image 0.7.0 Golang Image 0.8.0 Golang Image 0.9.0	9
OS	Fedoraproject Fedoraproject Fedora 37 Fedoraproject Fedora 38	2

Common Weakness Enumeration (CWE)

CWE-834 - Excessive Iteration

References

https://go.dev/cl/514897
https://go.dev/issue/61581
https://pkg.go.dev/vuln/GO-2023-1990
https://security.netapp.com/advisory/ntap-20230831-0009/
https://lists.fedoraproject.org/archives/list/[email protected]/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
https://lists.fedoraproject.org/archives/list/[email protected]/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
https://lists.fedoraproject.org/archives/list/[email protected]/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/