How severe is CVE-2024-43366?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-43366?

This is classified as CWE-835, which is a common weakness in software security.

CVE-2024-43366

CRITICAL Year: 2024

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-835

View all →

Vulnerability Description

zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However, more real-life use cases like iterating over an array are not affected. No contracts were affected by this issue, which was fixed in version 1.5.3. Upgrading and redeploying affected contracts is the only way to avoid the vulnerability.

CVE-2021-42143

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to ca...

CWE-8352021

CVE-2018-8002

HIGH

CVSS:8.8(High)

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vul...

CWE-8352018

CVE-2023-20020

HIGH

CVSS:8.6(High)

A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote att...

CWE-8352023

CVE-2023-20083

HIGH

CVSS:8.6(High)

A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CP...

CWE-8352023

CVE-2024-20353

HIGH

CVSS:8.6(High)

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote atta...

CWE-8352024

CVE-2018-20784

CRITICAL

CVSS:9.8(Critical)

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspeci...

CWE-8352018

CVE-2024-43366

Vulnerability Description

Related Vulnerabilities

CVE-2021-42143

CVE-2018-8002

CVE-2023-20020

CVE-2023-20083

CVE-2024-20353

CVE-2018-20784