icon

We found results for “

CVE-2025-29776

Good to know:

icon
icon

Date: March 14, 2025

Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling "setTimer" in Azle versions "0.27.0", "0.28.0", and "0.29.0" causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of "setTimer". The problem has been fixed as of Azle version "0.30.0". As a workaround, if a canister is caught in this infinite loop after calling "setTimer", the canister can be upgraded and the timers will all be cleared, thus ending the loop.

Severity Score

Severity Score

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

icon

Upgrade Version

Upgrade to version azle - 0.30.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us