CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-4V97-3733-H7MW
Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2025-04-03 04:01mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
{
"affected": [],
"aliases": [
"CVE-2004-0748"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-10-20T04:00:00Z",
"severity": "MODERATE"
},
"details": "mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.",
"id": "GHSA-4v97-3733-h7mw",
"modified": "2025-04-03T04:01:27Z",
"published": "2022-04-29T02:58:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0748"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11126"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17200"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml"
},
{
"type": "WEB",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2004_30_apache2.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2004-349.html"
},
{
"type": "WEB",
"url": "http://www.trustix.org/errata/2004/0047"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4VQ3-2RWV-W7MG
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2022-10-07 18:15When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.
{
"affected": [],
"aliases": [
"CVE-2019-19451"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-29T23:15:00Z",
"severity": "MODERATE"
},
"details": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.",
"id": "GHSA-4vq3-2rwv-w7mg",
"modified": "2022-10-07T18:15:43Z",
"published": "2022-05-24T17:02:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19451"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/dia/issues/428"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VVM-4W3V-6MR8
Vulnerability from github – Published: 2023-06-30 20:33 – Updated: 2023-07-07 17:19Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if __parse_content_stream is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted text from such a PDF.
Example Code and a PDF that causes the issue:
from pypdf import PdfReader
# https://objects.githubusercontent.com/github-production-repository-file-5c1aeb/3119517/11367871?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230627T201018Z&X-Amz-Expires=300&X-Amz-Signature=d71c8fd9181c4875f0c04d563b6d32f1d4da6e7b2e6be2f14479ce4ecdc9c8b2&X-Amz-SignedHeaders=host&actor_id=1658117&key_id=0&repo_id=3119517&response-content-disposition=attachment%3Bfilename%3DMiFO_LFO_FEIS_NOA_Published.3.pdf&response-content-type=application%2Fpdf
reader = PdfReader("MiFO_LFO_FEIS_NOA_Published.3.pdf")
page = reader.pages[0]
page.extract_text()
The issue was introduced with https://github.com/py-pdf/pypdf/pull/969
Patches
The issue was fixed with https://github.com/py-pdf/pypdf/pull/1828
Workarounds
It is recommended to upgrade to pypdf>=3.9.0. PyPDF2 users should migrate to pypdf.
If you cannot update your version of pypdf, you should modify pypdf/generic/_data_structures.py:
OLD: while peek not in (b"\r", b"\n"):
NEW: while peek not in (b"\r", b"\n", b""):
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pypdf"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "PyPDF2"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"last_affected": "3.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-36464"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-30T20:33:57Z",
"nvd_published_at": "2023-06-27T22:15:11Z",
"severity": "MODERATE"
},
"details": "### Impact\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted text from such a PDF.\n\nExample Code and a PDF that causes the issue:\n\n```python\nfrom pypdf import PdfReader\n\n# https://objects.githubusercontent.com/github-production-repository-file-5c1aeb/3119517/11367871?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230627%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20230627T201018Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=d71c8fd9181c4875f0c04d563b6d32f1d4da6e7b2e6be2f14479ce4ecdc9c8b2\u0026X-Amz-SignedHeaders=host\u0026actor_id=1658117\u0026key_id=0\u0026repo_id=3119517\u0026response-content-disposition=attachment%3Bfilename%3DMiFO_LFO_FEIS_NOA_Published.3.pdf\u0026response-content-type=application%2Fpdf\nreader = PdfReader(\"MiFO_LFO_FEIS_NOA_Published.3.pdf\")\npage = reader.pages[0]\npage.extract_text()\n```\n\nThe issue was introduced with https://github.com/py-pdf/pypdf/pull/969\n\n### Patches\n\nThe issue was fixed with https://github.com/py-pdf/pypdf/pull/1828\n\n### Workarounds\n\nIt is recommended to upgrade to `pypdf\u003e=3.9.0`. PyPDF2 users should migrate to pypdf.\n\nIf you cannot update your version of pypdf, you should modify `pypdf/generic/_data_structures.py`:\n\n```\nOLD: while peek not in (b\"\\r\", b\"\\n\"):\nNEW: while peek not in (b\"\\r\", b\"\\n\", b\"\"):\n```",
"id": "GHSA-4vvm-4w3v-6mr8",
"modified": "2023-07-07T17:19:37Z",
"published": "2023-06-30T20:33:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36464"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/pull/1828"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/pull/969"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932"
},
{
"type": "PACKAGE",
"url": "https://github.com/py-pdf/pypdf"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/releases/tag/3.9.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "pypdf and PyPDF2 possible Infinite Loop when a comment isn\u0027t followed by a character"
}
GHSA-4W98-XF39-23GP
Vulnerability from github – Published: 2026-03-16 20:49 – Updated: 2026-04-24 20:27Summary
ewe's handle_trailers function contains a bug where rejected trailer headers (forbidden or undeclared) cause an infinite loop. The function recurses with the original unparsed buffer instead of advancing past the rejected header, re-parsing the same header forever. Each malicious request permanently wedges a BEAM process at 100% CPU with no timeout or escape.
Impact
When handle_trailers (ewe/internal/http1.gleam:493) encounters a trailer that is either not in the declared trailer set or is blocked by is_forbidden_trailer, three code paths (lines 520, 523, 526) recurse with the original buffer rest instead of Buffer(header_rest, 0):
// Line 523 — uses `rest` (original buffer), not `Buffer(header_rest, 0)` (remaining)
False -> handle_trailers(req, set, rest)
This causes decoder.decode_packet to re-parse the same header on every iteration, producing an infinite loop. The BEAM process never yields, never times out, and never terminates.
Any ewe application that calls ewe.read_body on chunked requests is affected. This is exploitable by any unauthenticated remote client. There is no application-level workaround — the infinite loop is triggered inside read_body before control returns to application code.
Proof of Concept
Send a chunked request with a forbidden trailer (host) to trigger the infinite loop:
printf 'POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTrailer: host\r\n\r\n4\r\ntest\r\n0\r\nhost: evil.example.com\r\n\r\n' | nc -w 3 localhost 8080
This will hang (no response) until the nc timeout. The server-side handler process is stuck forever.
Exhaust server resources with concurrent requests:
for i in $(seq 1 50); do
printf 'POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTrailer: host\r\n\r\n4\r\ntest\r\n0\r\nhost: evil.example.com\r\n\r\n' | nc -w 1 localhost 8080 &
done
Open the Erlang Observer (observer:start()) and sort the Processes tab by Reductions to see the stuck processes with continuously climbing reduction counts.
Vulnerable Code
All three False/Error branches in handle_trailers have the same bug:
// ewe/internal/http1.gleam, lines 493–531
fn handle_trailers(
req: Request(BitArray),
set: Set(String),
rest: Buffer,
) -> Request(BitArray) {
case decoder.decode_packet(HttphBin, rest) {
Ok(Packet(HttpEoh, _)) -> req
Ok(Packet(HttpHeader(idx, field, value), header_rest)) -> {
// ... field name parsing ...
case field_name {
Ok(field_name) -> {
case
set.contains(set, field_name) && !is_forbidden_trailer(field_name)
{
True -> {
case bit_array.to_string(value) {
Ok(value) -> {
request.set_header(req, field_name, value)
|> handle_trailers(set, Buffer(header_rest, 0)) // correct
}
Error(Nil) -> handle_trailers(req, set, rest) // BUG: line 520
}
}
False -> handle_trailers(req, set, rest) // BUG: line 523
}
}
Error(Nil) -> handle_trailers(req, set, rest) // BUG: line 526
}
}
_ -> req
}
}
{
"affected": [
{
"package": {
"ecosystem": "Hex",
"name": "ewe"
},
"ranges": [
{
"events": [
{
"introduced": "0.8.0"
},
{
"fixed": "3.0.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32873"
],
"database_specific": {
"cwe_ids": [
"CWE-825",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-16T20:49:50Z",
"nvd_published_at": "2026-03-20T02:16:35Z",
"severity": "HIGH"
},
"details": "## Summary\n\newe\u0027s `handle_trailers` function contains a bug where rejected trailer headers (forbidden or undeclared) cause an infinite loop. The function recurses with the original unparsed buffer instead of advancing past the rejected header, re-parsing the same header forever. Each malicious request permanently wedges a BEAM process at 100% CPU with no timeout or escape.\n\n## Impact\n\nWhen `handle_trailers` (`ewe/internal/http1.gleam:493`) encounters a trailer that is either not in the declared trailer set or is blocked by `is_forbidden_trailer`, three code paths (lines 520, 523, 526) recurse with the original buffer `rest` instead of `Buffer(header_rest, 0)`:\n\n```gleam\n// Line 523 \u2014 uses `rest` (original buffer), not `Buffer(header_rest, 0)` (remaining)\nFalse -\u003e handle_trailers(req, set, rest)\n```\n\nThis causes `decoder.decode_packet` to re-parse the same header on every iteration, producing an infinite loop. The BEAM process never yields, never times out, and never terminates.\n\n**Any ewe application that calls `ewe.read_body` on chunked requests is affected.** This is exploitable by any unauthenticated remote client. There is no application-level workaround \u2014 the infinite loop is triggered inside `read_body` before control returns to application code.\n\n### Proof of Concept\n\n**Send a chunked request with a forbidden trailer (`host`) to trigger the infinite loop:**\n\n```sh\nprintf \u0027POST / HTTP/1.1\\r\\nHost: localhost:8080\\r\\nTransfer-Encoding: chunked\\r\\nTrailer: host\\r\\n\\r\\n4\\r\\ntest\\r\\n0\\r\\nhost: evil.example.com\\r\\n\\r\\n\u0027 | nc -w 3 localhost 8080\n```\n\nThis will hang (no response) until the `nc` timeout. The server-side handler process is stuck forever.\n\n**Exhaust server resources with concurrent requests:**\n\n```sh\nfor i in $(seq 1 50); do\n printf \u0027POST / HTTP/1.1\\r\\nHost: localhost:8080\\r\\nTransfer-Encoding: chunked\\r\\nTrailer: host\\r\\n\\r\\n4\\r\\ntest\\r\\n0\\r\\nhost: evil.example.com\\r\\n\\r\\n\u0027 | nc -w 1 localhost 8080 \u0026\ndone\n```\n\nOpen the Erlang Observer (`observer:start()`) and sort the Processes tab by Reductions to see the stuck processes with continuously climbing reduction counts.\n\n### Vulnerable Code\n\nAll three `False`/`Error` branches in `handle_trailers` have the same bug:\n\n```gleam\n// ewe/internal/http1.gleam, lines 493\u2013531\nfn handle_trailers(\n req: Request(BitArray),\n set: Set(String),\n rest: Buffer,\n) -\u003e Request(BitArray) {\n case decoder.decode_packet(HttphBin, rest) {\n Ok(Packet(HttpEoh, _)) -\u003e req\n Ok(Packet(HttpHeader(idx, field, value), header_rest)) -\u003e {\n // ... field name parsing ...\n case field_name {\n Ok(field_name) -\u003e {\n case\n set.contains(set, field_name) \u0026\u0026 !is_forbidden_trailer(field_name)\n {\n True -\u003e {\n case bit_array.to_string(value) {\n Ok(value) -\u003e {\n request.set_header(req, field_name, value)\n |\u003e handle_trailers(set, Buffer(header_rest, 0)) // correct\n }\n Error(Nil) -\u003e handle_trailers(req, set, rest) // BUG: line 520\n }\n }\n False -\u003e handle_trailers(req, set, rest) // BUG: line 523\n }\n }\n Error(Nil) -\u003e handle_trailers(req, set, rest) // BUG: line 526\n }\n }\n _ -\u003e req\n }\n}\n```",
"id": "GHSA-4w98-xf39-23gp",
"modified": "2026-04-24T20:27:31Z",
"published": "2026-03-16T20:49:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vshakitskiy/ewe/security/advisories/GHSA-4w98-xf39-23gp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32873"
},
{
"type": "WEB",
"url": "https://github.com/vshakitskiy/ewe/commit/8513de9dcdd0005f727c0f6f15dd89f8d626f560"
},
{
"type": "WEB",
"url": "https://github.com/vshakitskiy/ewe/commit/d8b9b8a86470c0cb5696647997c2f34763506e37"
},
{
"type": "PACKAGE",
"url": "https://github.com/vshakitskiy/ewe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in ewe"
}
GHSA-4WFP-R3V4-54HJ
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
{
"affected": [],
"aliases": [
"CVE-2015-8785"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-02-08T03:59:00Z",
"severity": "MODERATE"
},
"details": "The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.",
"id": "GHSA-4wfp-r3v4-54hj",
"modified": "2022-05-13T01:04:12Z",
"published": "2022-05-13T01:04:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8785"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3503"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/01/24/1"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/81688"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2886-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4X33-566W-9PG7
Vulnerability from github – Published: 2026-03-09 15:30 – Updated: 2026-03-10 18:31GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.
{
"affected": [],
"aliases": [
"CVE-2025-69648"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-09T15:15:52Z",
"severity": "MODERATE"
},
"details": "GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.",
"id": "GHSA-4x33-566w-9pg7",
"modified": "2026-03-10T18:31:16Z",
"published": "2026-03-09T15:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69648"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33641"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4X4V-J9C8-FF62
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
{
"affected": [],
"aliases": [
"CVE-2017-14932"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-30T01:29:00Z",
"severity": "MODERATE"
},
"details": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.",
"id": "GHSA-4x4v-j9c8-ff62",
"modified": "2025-04-20T03:46:06Z",
"published": "2022-05-13T01:43:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14932"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22204"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=e338894dc2e603683bed2172e8e9f25b29051005"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-523C-XH4G-MH5M
Vulnerability from github – Published: 2021-01-14 19:18 – Updated: 2026-06-09 10:20Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: - Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294) - Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.poi:poi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-12626"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2020-11-06T18:56:32Z",
"nvd_published_at": "2018-01-29T17:29:00Z",
"severity": "HIGH"
},
"details": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks:\n - Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294)\n - Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)",
"id": "GHSA-523c-xh4g-mh5m",
"modified": "2026-06-09T10:20:57Z",
"published": "2021-01-14T19:18:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12626"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1322"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/poi"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b%40%3Cdev.poi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102879"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of Service in Apache POI"
}
GHSA-52H2-M2CF-9JH6
Vulnerability from github – Published: 2022-12-12 22:35 – Updated: 2022-12-12 22:35Impact
The linux-loader crate used the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets pointed beyond the end of the file this could lead to an infinite loop. Virtual Machine Monitors using the linux-loader crate could enter an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner.
Patches
The issue has been addressed in 0.8.1
Workarounds
The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers to not point beyond the end of the file.
References
See: https://github.com/rust-vmm/linux-loader/pull/125
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "linux-loader"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-23523"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-125",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-12T22:35:41Z",
"nvd_published_at": "2022-12-13T08:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThe linux-loader crate used the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets pointed beyond the end of the file this could lead to an infinite loop. Virtual Machine Monitors using the `linux-loader` crate could enter an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner.\n\n### Patches\nThe issue has been addressed in 0.8.1\n\n### Workarounds\nThe issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers to not point beyond the end of the file.\n\n### References\n\nSee: https://github.com/rust-vmm/linux-loader/pull/125\n",
"id": "GHSA-52h2-m2cf-9jh6",
"modified": "2022-12-12T22:35:41Z",
"published": "2022-12-12T22:35:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23523"
},
{
"type": "WEB",
"url": "https://github.com/rust-vmm/linux-loader/pull/125"
},
{
"type": "WEB",
"url": "https://github.com/rust-vmm/linux-loader/commit/a44f152da4f38c538ed492b1efa8515be2047db2"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-vmm/linux-loader"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "linux-loader reading beyond EOF could lead to infinite loop"
}
GHSA-52M2-JXVJ-QW6R
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.
{
"affected": [],
"aliases": [
"CVE-2016-9776"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-29T22:59:00Z",
"severity": "MODERATE"
},
"details": "QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in \u0027mcf_fec_receive\u0027. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.",
"id": "GHSA-52m2-jxvj-qw6r",
"modified": "2022-05-13T01:13:40Z",
"published": "2022-05-13T01:13:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9776"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400829"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/8"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94638"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.