CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-WJG5-GFX4-4QV2
Vulnerability from github – Published: 2021-12-23 00:01 – Updated: 2022-01-05 00:01An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
{
"affected": [],
"aliases": [
"CVE-2021-45257"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-22T17:15:00Z",
"severity": "HIGH"
},
"details": "An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.",
"id": "GHSA-wjg5-gfx4-4qv2",
"modified": "2022-01-05T00:01:58Z",
"published": "2021-12-23T00:01:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45257"
},
{
"type": "WEB",
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392790"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WJGF-CRRQ-VG9C
Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2022-04-29 02:58The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
{
"affected": [],
"aliases": [
"CVE-2004-0753"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-10-20T04:00:00Z",
"severity": "MODERATE"
},
"details": "The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.",
"id": "GHSA-wjgf-crrq-vg9c",
"modified": "2022-04-29T02:58:17Z",
"published": "2022-04-29T02:58:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0753"
},
{
"type": "WEB",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2005"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17383"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10585"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000875"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17657"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2004/dsa-546"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/825374"
},
{
"type": "WEB",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2004-447.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2004-466.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/419771/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/11195"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WJV9-48RG-R5CR
Vulnerability from github – Published: 2023-07-31 18:30 – Updated: 2024-04-04 06:27A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-4010"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-31T17:15:10Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.",
"id": "GHSA-wjv9-48rg-r5cr",
"modified": "2024-04-04T06:27:36Z",
"published": "2023-07-31T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4010"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-4010"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227726"
},
{
"type": "WEB",
"url": "https://github.com/wanrenmi/a-usb-kernel-bug"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WM4G-HW88-G25H
Vulnerability from github – Published: 2021-12-31 00:00 – Updated: 2025-11-04 00:30Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2021-4185"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-30T22:15:00Z",
"severity": "HIGH"
},
"details": "Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-wm4g-hw88-g25h",
"modified": "2025-11-04T00:30:30Z",
"published": "2021-12-31T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4185"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4185.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17745"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-04"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-17.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WMM4-77G9-76JV
Vulnerability from github – Published: 2022-05-13 01:51 – Updated: 2022-05-13 01:51An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response.
{
"affected": [],
"aliases": [
"CVE-2018-20578"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-28T18:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response.",
"id": "GHSA-wmm4-77g9-76jv",
"modified": "2022-05-13T01:51:05Z",
"published": "2022-05-13T01:51:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20578"
},
{
"type": "WEB",
"url": "https://bitbucket.org/nuttx/nuttx/downloads/nuttx-7_27-README.txt"
},
{
"type": "WEB",
"url": "https://bitbucket.org/nuttx/nuttx/issues/119/denial-of-service-infinite-loop-while"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPP8-F236-634X
Vulnerability from github – Published: 2023-09-22 06:30 – Updated: 2024-04-04 07:48Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
{
"affected": [],
"aliases": [
"CVE-2023-43761"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-22T05:15:09Z",
"severity": "HIGH"
},
"details": "Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.",
"id": "GHSA-wpp8-f236-634x",
"modified": "2024-04-04T07:48:05Z",
"published": "2023-09-22T06:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43761"
},
{
"type": "WEB",
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"type": "WEB",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPV3-6QR5-9RMX
Vulnerability from github – Published: 2024-04-06 12:30 – Updated: 2024-08-22 15:31Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.
Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.
This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2024-24746"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-06T12:15:08Z",
"severity": "HIGH"
},
"details": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Apache NimBLE.\u00a0\n\nSpecially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.\n\nThis issue affects Apache NimBLE: through 1.6.0.\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue.",
"id": "GHSA-wpv3-6qr5-9rmx",
"modified": "2024-08-22T15:31:15Z",
"published": "2024-04-06T12:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24746"
},
{
"type": "WEB",
"url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQ23-XQ9Q-WF8W
Vulnerability from github – Published: 2025-01-28 21:31 – Updated: 2025-02-06 18:31In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-40675"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T20:15:49Z",
"severity": "HIGH"
},
"details": "In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-wq23-xq9q-wf8w",
"modified": "2025-02-06T18:31:04Z",
"published": "2025-01-28T21:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40675"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/c6b5490ec659b5854fd429f453f75de5befa6359"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-10-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WR4G-WR5G-W9C8
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2018-20099"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-12T10:29:00Z",
"severity": "MODERATE"
},
"details": "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.",
"id": "GHSA-wr4g-wr5g-w9c8",
"modified": "2022-05-13T01:50:57Z",
"published": "2022-05-13T01:50:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20099"
},
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"type": "WEB",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WRC7-358R-9HWC
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:21mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.
{
"affected": [],
"aliases": [
"CVE-2019-1010189"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-24T14:15:00Z",
"severity": "MODERATE"
},
"details": "mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.",
"id": "GHSA-wrc7-358r-9hwc",
"modified": "2024-04-04T01:21:46Z",
"published": "2022-05-24T16:51:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010189"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YH7KTF6IB4LZURQHCOICNVE6YDAIHV62"
},
{
"type": "WEB",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.