CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-3R3P-444M-2G4P
Vulnerability from github – Published: 2024-01-16 18:31 – Updated: 2025-11-04 21:31EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
{
"affected": [],
"aliases": [
"CVE-2023-45232"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-16T16:15:12Z",
"severity": "HIGH"
},
"details": "EDK2\u0027s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.",
"id": "GHSA-3r3p-444m-2g4p",
"modified": "2025-11-04T21:31:04Z",
"published": "2024-01-16T18:31:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45232"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240307-0011"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/132380"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3R44-XHXH-QH7X
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
{
"affected": [],
"aliases": [
"CVE-2018-5685"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-14T02:29:00Z",
"severity": "MODERATE"
},
"details": "In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.",
"id": "GHSA-3r44-xhxh-qh7x",
"modified": "2022-05-13T01:52:53Z",
"published": "2022-05-13T01:52:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5685"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/541"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"type": "WEB",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3V47-MWG3-XVQ2
Vulnerability from github – Published: 2026-06-24 09:30 – Updated: 2026-07-08 18:31In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: stop hash:* range iteration at end
The following hash set variants:
hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net
iterate IPv4 ranges with a 32-bit iterator.
The iterator must stop once the last address in the requested range has been processed. Advancing it once more can move the traversal state past the end of the request, so a later retry may continue from an unintended position.
Handle the iterator increment explicitly at the end of the loop and stop once the upper bound has been processed. This keeps the existing retry behaviour intact for valid ranges while preventing traversal from continuing past the original boundary.
{
"affected": [],
"aliases": [
"CVE-2026-52921"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T08:16:22Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: stop hash:* range iteration at end\n\nThe following hash set variants:\n\nhash:ip,mark\nhash:ip,port\nhash:ip,port,ip\nhash:ip,port,net\n\niterate IPv4 ranges with a 32-bit iterator.\n\nThe iterator must stop once the last address in the requested range has\nbeen processed. Advancing it once more can move the traversal state past\nthe end of the request, so a later retry may continue from an unintended\nposition.\n\nHandle the iterator increment explicitly at the end of the loop and stop\nonce the upper bound has been processed. This keeps the existing retry\nbehaviour intact for valid ranges while preventing traversal from\ncontinuing past the original boundary.",
"id": "GHSA-3v47-mwg3-xvq2",
"modified": "2026-07-08T18:31:32Z",
"published": "2026-06-24T09:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52921"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02f75f041a93ea045834da89cd3234f4c1d749b4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d7b33ace701fe397e6e4de145f32e098178d901"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/383418c20e69f5761b6ec5238f599423f4fb77fb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/952e988163c2ab9939c3db9f0f8e77af6a1bb436"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be75218fadea22e59c8673db212f29c681bf45bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c281e018af98df91827d65bec00f4956c00a1b02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3V74-FJ6R-9QVP
Vulnerability from github – Published: 2026-01-27 18:32 – Updated: 2026-01-27 18:32Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
{
"affected": [],
"aliases": [
"CVE-2026-24831"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T16:16:35Z",
"severity": "HIGH"
},
"details": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.",
"id": "GHSA-3v74-fj6r-9qvp",
"modified": "2026-01-27T18:32:16Z",
"published": "2026-01-27T18:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24831"
},
{
"type": "WEB",
"url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/248"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3V94-MW7P-V465
Vulnerability from github – Published: 2026-05-07 02:59 – Updated: 2026-05-07 02:59The NSEC3 closest-encloser proof validation in hickory-proto's (0.25.0-alpha.3 ... 0.25.2) and hickory-net's (0.26.0-alpha.1 .. 0.26.0) DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA name. When the SOA in a response's authority section is not an ancestor of the QNAME, the loop stalls at the DNS root and never terminates, repeatedly calling Name::base_name() and pushing newly allocated Name and hashed-name entries into the candidate Vec.
The bug is reachable by any caller of DnssecDnsHandle, including the resolver, recursor, and client, when built with the dnssec-ring or dnssec-aws-lc-rs feature and configured to perform DNSSEC validation. It is triggered while validating a NoData or NXDomain response whose authority section contains an SOA record from a zone other than an ancestor of the QNAME, on a code path that requires NSEC3 closest-encloser proof. In practice this can be reached through an insecure CNAME chain that crosses zone boundaries into a DNSSEC-signed zone returning NoData, but the minimum condition is just a mismatched SOA owner on a response requiring NSEC3 validation.
A debug_assert_ne!(name, Name::root()) guards the loop body, so debug builds abort with a panic on the first iteration past the root. Release builds compile the assertion out and run the loop unbounded, allocating until the process exhausts available memory. A reachable upstream attacker who can return such a response can therefore crash a debug build or exhaust memory on a release build, for the affected configurations.
The affected code was migrated from hickory-proto to hickory-net as part of the 0.26.0 release. Hickory DNS recommends that all affected users update to hickory-net 0.26.1 for the fix.
Reporter
David Cook, ISRG
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "hickory-proto"
},
"ranges": [
{
"events": [
{
"introduced": "0.25.0-alpha.3"
},
{
"last_affected": "0.25.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.26.0"
},
"package": {
"ecosystem": "crates.io",
"name": "hickory-net"
},
"ranges": [
{
"events": [
{
"introduced": "0.26.0-alpha.1"
},
{
"fixed": "0.26.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T02:59:20Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The NSEC3 closest-encloser proof validation in `hickory-proto`\u0027s (0.25.0-alpha.3 ... 0.25.2) and `hickory-net`\u0027s (0.26.0-alpha.1 .. 0.26.0) `DnssecDnsHandle` walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA name. When the SOA in a response\u0027s authority section is not an ancestor of the QNAME, the loop stalls at the DNS root and never terminates, repeatedly calling `Name::base_name()` and pushing newly allocated `Name` and hashed-name entries into the candidate `Vec`.\n\nThe bug is reachable by any caller of `DnssecDnsHandle`, including the resolver, recursor, and client, when built with the `dnssec-ring` or `dnssec-aws-lc-rs` feature and configured to perform DNSSEC validation. It is triggered while validating a NoData or NXDomain response whose authority section contains an SOA record from a zone other than an ancestor of the QNAME, on a code path that requires NSEC3 closest-encloser proof. In practice this can be reached through an insecure CNAME chain that crosses zone boundaries into a DNSSEC-signed zone returning NoData, but the minimum condition is just a mismatched SOA owner on a response requiring NSEC3 validation.\n\nA `debug_assert_ne!(name, Name::root())` guards the loop body, so debug builds abort with a panic on the first iteration past the root. Release builds compile the assertion out and run the loop unbounded, allocating until the process exhausts available memory. A reachable upstream attacker who can return such a response can therefore crash a debug build or exhaust memory on a release build, for the affected configurations.\n\nThe affected code was migrated from `hickory-proto` to `hickory-net` as part of the 0.26.0 release. Hickory DNS recommends that all affected users update to `hickory-net` 0.26.1 for the fix.\n\n### Reporter\n\nDavid Cook, ISRG",
"id": "GHSA-3v94-mw7p-v465",
"modified": "2026-05-07T02:59:20Z",
"published": "2026-05-07T02:59:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/hickory-dns/hickory-dns/security/advisories/GHSA-3v94-mw7p-v465"
},
{
"type": "PACKAGE",
"url": "https://github.com/hickory-dns/hickory-dns"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0118.html"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0120.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses"
}
GHSA-3VPR-MHGF-FGJV
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:38The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9023"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-08T16:29:00Z",
"severity": "HIGH"
},
"details": "The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.",
"id": "GHSA-3vpr-mhgf-fgjv",
"modified": "2025-04-20T03:38:42Z",
"published": "2022-05-13T01:47:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9023"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98756"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3301-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VQ9-9J8H-QHV2
Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 09:30RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2026-6522"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T07:16:39Z",
"severity": "MODERATE"
},
"details": "RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
"id": "GHSA-3vq9-9j8h-qhv2",
"modified": "2026-04-30T09:30:24Z",
"published": "2026-04-30T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6522"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21186"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-42.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3W69-J4HP-RVH4
Vulnerability from github – Published: 2025-04-15 15:30 – Updated: 2025-08-20 09:30This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.
{
"affected": [],
"aliases": [
"CVE-2025-32947"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-15T15:16:09Z",
"severity": "HIGH"
},
"details": "This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the \"inbox\" endpoint when\u00a0receiving crafted ActivityPub activities.",
"id": "GHSA-3w69-j4hp-rvh4",
"modified": "2025-08-20T09:30:38Z",
"published": "2025-04-15T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32947"
},
{
"type": "WEB",
"url": "https://github.com/Chocobozzz/PeerTube/commit/76226d85685220db1495025300eca784d0336f7d"
},
{
"type": "WEB",
"url": "https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3WR5-MP77-P74F
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-04-20 03:41A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
{
"affected": [],
"aliases": [
"CVE-2017-11626"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-25T23:29:00Z",
"severity": "MODERATE"
},
"details": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\"",
"id": "GHSA-3wr5-mp77-p74f",
"modified": "2025-04-20T03:41:28Z",
"published": "2022-05-13T01:42:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11626"
},
{
"type": "WEB",
"url": "https://github.com/qpdf/qpdf/issues/119"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3638-1"
},
{
"type": "WEB",
"url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3WWW-Q54H-9529
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.
{
"affected": [],
"aliases": [
"CVE-2017-15835"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-07T14:29:00Z",
"severity": "MODERATE"
},
"details": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.",
"id": "GHSA-3www-q54h-9529",
"modified": "2022-05-13T01:44:01Z",
"published": "2022-05-13T01:44:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15835"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-11-01#qualcomm-components"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.