CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-JQ6P-6WG4-WRW8
Vulnerability from github – Published: 2024-07-23 15:31 – Updated: 2024-07-25 18:32go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function.
{
"affected": [],
"aliases": [
"CVE-2024-40060"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-23T15:15:04Z",
"severity": "HIGH"
},
"details": "go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function.",
"id": "GHSA-jq6p-6wg4-wrw8",
"modified": "2024-07-25T18:32:35Z",
"published": "2024-07-23T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40060"
},
{
"type": "WEB",
"url": "https://gist.github.com/F3iG0n9/4d0d7c863eea6874eeeb26a3073aa5f8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQ6W-JF5J-5585
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.
{
"affected": [],
"aliases": [
"CVE-2017-7618"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-10T14:59:00Z",
"severity": "HIGH"
},
"details": "crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.",
"id": "GHSA-jq6w-jf5j-5585",
"modified": "2022-05-13T01:47:03Z",
"published": "2022-05-13T01:47:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7618"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03800en_us"
},
{
"type": "WEB",
"url": "http://marc.info/?l=linux-crypto-vger\u0026m=149181655623850\u0026w=2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97534"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JR3J-7G7Q-JR5M
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)
{
"affected": [],
"aliases": [
"CVE-2021-34332"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)",
"id": "GHSA-jr3j-7g7q-jr5m",
"modified": "2022-05-24T19:07:37Z",
"published": "2022-05-24T19:07:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34332"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JR5Q-2X4Q-6MHG
Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
{
"affected": [],
"aliases": [
"CVE-2018-5818"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-20T18:29:00Z",
"severity": "HIGH"
},
"details": "An error within the \"parse_rollei()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.",
"id": "GHSA-jr5q-2x4q-6mhg",
"modified": "2022-05-13T01:20:21Z",
"published": "2022-05-13T01:20:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5818"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html"
},
{
"type": "WEB",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3989-1"
},
{
"type": "WEB",
"url": "https://www.libraw.org/news/libraw-0-19-2-release"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JRPF-2J6M-MXHM
Vulnerability from github – Published: 2022-05-01 02:06 – Updated: 2022-05-01 02:06aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
{
"affected": [],
"aliases": [
"CVE-2005-2224"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-07-12T04:00:00Z",
"severity": "MODERATE"
},
"details": "aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.",
"id": "GHSA-jrpf-2j6m-mxhm",
"modified": "2022-05-01T02:06:06Z",
"published": "2022-05-01T02:06:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2224"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/16005"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/14217"
},
{
"type": "WEB",
"url": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JRQ3-7P6Q-9M8H
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:327-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.
{
"affected": [],
"aliases": [
"CVE-2024-11612"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T21:15:17Z",
"severity": "MODERATE"
},
"details": "7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.",
"id": "GHSA-jrq3-7p6q-9m8h",
"modified": "2024-11-22T21:32:18Z",
"published": "2024-11-22T21:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11612"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1606"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JRWR-G23M-C7XM
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409
{
"affected": [],
"aliases": [
"CVE-2020-0247"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-11T20:15:00Z",
"severity": "MODERATE"
},
"details": "In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409",
"id": "GHSA-jrwr-g23m-c7xm",
"modified": "2022-05-24T17:25:16Z",
"published": "2022-05-24T17:25:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0247"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-08-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JW75-VVJ8-5H3F
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2023-05-24 15:30In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.
{
"affected": [],
"aliases": [
"CVE-2021-22161"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-07T23:15:00Z",
"severity": "MODERATE"
},
"details": "In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP\u0027s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.",
"id": "GHSA-jw75-vvj8-5h3f",
"modified": "2023-05-24T15:30:26Z",
"published": "2022-05-24T17:41:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22161"
},
{
"type": "WEB",
"url": "https://openwrt.org/advisory/2021-02-02-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JX6G-C2P6-6CX2
Vulnerability from github – Published: 2023-11-30 00:30 – Updated: 2023-11-30 00:30Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device.
{
"affected": [],
"aliases": [
"CVE-2023-40458"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-29T23:15:20Z",
"severity": "HIGH"
},
"details": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a \nDenial of Service (DoS) condition for ACEManager without impairing \nother router functions. This condition is cleared by restarting the \ndevice.\n\n",
"id": "GHSA-jx6g-c2p6-6cx2",
"modified": "2023-11-30T00:30:18Z",
"published": "2023-11-30T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40458"
},
{
"type": "WEB",
"url": "https://https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs"
},
{
"type": "WEB",
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JXH3-F5J5-G9VQ
Vulnerability from github – Published: 2022-05-04 00:29 – Updated: 2022-05-04 00:29ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
{
"affected": [],
"aliases": [
"CVE-2012-0248"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-06-05T22:55:00Z",
"severity": "MODERATE"
},
"details": "ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.",
"id": "GHSA-jxh3-f5j5-g9vq",
"modified": "2022-05-04T00:29:00Z",
"published": "2022-05-04T00:29:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0248"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0544.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0545.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/47926"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48247"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48259"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/49043"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/49063"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/49068"
},
{
"type": "WEB",
"url": "http://ubuntu.com/usn/usn-1435-1"
},
{
"type": "WEB",
"url": "http://www.cert.fi/en/reports/2012/vulnerability595210.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2427"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml"
},
{
"type": "WEB",
"url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=20286"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/79003"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/51957"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1027032"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.