Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-JQ6P-6WG4-WRW8

Vulnerability from github – Published: 2024-07-23 15:31 – Updated: 2024-07-25 18:32
VLAI
Details

go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-23T15:15:04Z",
    "severity": "HIGH"
  },
  "details": "go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function.",
  "id": "GHSA-jq6p-6wg4-wrw8",
  "modified": "2024-07-25T18:32:35Z",
  "published": "2024-07-23T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40060"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/F3iG0n9/4d0d7c863eea6874eeeb26a3073aa5f8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQ6W-JF5J-5585

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7618"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-10T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.",
  "id": "GHSA-jq6w-jf5j-5585",
  "modified": "2022-05-13T01:47:03Z",
  "published": "2022-05-13T01:47:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7618"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03800en_us"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=linux-crypto-vger\u0026m=149181655623850\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97534"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JR3J-7G7Q-JR5M

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-13T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)",
  "id": "GHSA-jr3j-7g7q-jr5m",
  "modified": "2022-05-24T19:07:37Z",
  "published": "2022-05-24T19:07:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34332"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JR5Q-2X4Q-6MHG

Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20
VLAI
Details

An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-20T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "An error within the \"parse_rollei()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.",
  "id": "GHSA-jr5q-2x4q-6mhg",
  "modified": "2022-05-13T01:20:21Z",
  "published": "2022-05-13T01:20:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5818"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3989-1"
    },
    {
      "type": "WEB",
      "url": "https://www.libraw.org/news/libraw-0-19-2-release"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRPF-2J6M-MXHM

Vulnerability from github – Published: 2022-05-01 02:06 – Updated: 2022-05-01 02:06
VLAI
Details

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-2224"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-07-12T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.",
  "id": "GHSA-jrpf-2j6m-mxhm",
  "modified": "2022-05-01T02:06:06Z",
  "published": "2022-05-01T02:06:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2224"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/16005"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/14217"
    },
    {
      "type": "WEB",
      "url": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JRQ3-7P6Q-9M8H

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32
VLAI
Details

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T21:15:17Z",
    "severity": "MODERATE"
  },
  "details": "7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.",
  "id": "GHSA-jrq3-7p6q-9m8h",
  "modified": "2024-11-22T21:32:18Z",
  "published": "2024-11-22T21:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11612"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1606"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRWR-G23M-C7XM

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25
VLAI
Details

In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-11T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409",
  "id": "GHSA-jrwr-g23m-c7xm",
  "modified": "2022-05-24T17:25:16Z",
  "published": "2022-05-24T17:25:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0247"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2020-08-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JW75-VVJ8-5H3F

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2023-05-24 15:30
VLAI
Details

In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-07T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP\u0027s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.",
  "id": "GHSA-jw75-vvj8-5h3f",
  "modified": "2023-05-24T15:30:26Z",
  "published": "2022-05-24T17:41:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22161"
    },
    {
      "type": "WEB",
      "url": "https://openwrt.org/advisory/2021-02-02-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JX6G-C2P6-6CX2

Vulnerability from github – Published: 2023-11-30 00:30 – Updated: 2023-11-30 00:30
VLAI
Details

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-29T23:15:20Z",
    "severity": "HIGH"
  },
  "details": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a \nDenial of Service (DoS) condition for ACEManager without impairing \nother router functions. This condition is cleared by restarting the \ndevice.\n\n",
  "id": "GHSA-jx6g-c2p6-6cx2",
  "modified": "2023-11-30T00:30:18Z",
  "published": "2023-11-30T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40458"
    },
    {
      "type": "WEB",
      "url": "https://https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs"
    },
    {
      "type": "WEB",
      "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JXH3-F5J5-G9VQ

Vulnerability from github – Published: 2022-05-04 00:29 – Updated: 2022-05-04 00:29
VLAI
Details

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-0248"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-06-05T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.",
  "id": "GHSA-jxh3-f5j5-g9vq",
  "modified": "2022-05-04T00:29:00Z",
  "published": "2022-05-04T00:29:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0248"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0544.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0545.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/47926"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48247"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48259"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49043"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49063"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49068"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1435-1"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.fi/en/reports/2012/vulnerability595210.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2427"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=20286"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/79003"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51957"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027032"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.