Description

Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of `setTimer`. The problem has been fixed as of Azle version `0.30.0`. As a workaround, if a canister is caught in this infinite loop after calling `setTimer`, the canister can be upgraded and the timers will all be cleared, thus ending the loop.

INFO

Published Date :

2025-03-14T13:13:27.137Z

Last Modified :

2025-03-14T14:46:38.269Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-29776 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-29776.

URL Resource
https://github.com/demergent-labs/azle/releases/tag/0.30.0 cve-icon cve-icon
https://github.com/demergent-labs/azle/security/advisories/GHSA-xc76-5pf9-mx8m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability