CWE-834
DiscouragedExcessive Iteration
Abstraction: Class · Status: Incomplete
The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
124 vulnerabilities reference this CWE, most recent first.
GHSA-R2PP-JG8W-VM6W
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-04-20 03:42ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
{
"affected": [],
"aliases": [
"CVE-2017-12587"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-06T14:29:00Z",
"severity": "HIGH"
},
"details": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\\pwp.c.",
"id": "GHSA-r2pp-jg8w-vm6w",
"modified": "2025-04-20T03:42:09Z",
"published": "2022-05-13T01:42:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12587"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/535"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4019"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5H2-24X5-FV2H
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.
{
"affected": [],
"aliases": [
"CVE-2017-14056"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-31T15:29:00Z",
"severity": "HIGH"
},
"details": "In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large \"frame_count\" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.",
"id": "GHSA-r5h2-24x5-fv2h",
"modified": "2022-05-13T01:43:17Z",
"published": "2022-05-13T01:43:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14056"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3996"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100628"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R9GH-37WH-H394
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-20 03:42In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2017-12674"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-07T21:29:00Z",
"severity": "HIGH"
},
"details": "In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.",
"id": "GHSA-r9gh-37wh-h394",
"modified": "2025-04-20T03:42:22Z",
"published": "2022-05-13T01:17:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12674"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/604"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RP4H-VF6C-9FFM
Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2025-04-20 03:44GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
{
"affected": [],
"aliases": [
"CVE-2017-13777"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-30T09:29:00Z",
"severity": "HIGH"
},
"details": "GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c \"Read hex image data\" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.",
"id": "GHSA-rp4h-vf6c-9ffm",
"modified": "2025-04-20T03:44:09Z",
"published": "2022-05-13T01:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13777"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4222-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"type": "WEB",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/08/31/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100575"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RWRX-X2HW-9H5W
Vulnerability from github – Published: 2023-03-20 15:30 – Updated: 2023-03-20 17:28Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.sling:org.apache.sling.resourcemerger"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26513"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-20T17:28:36Z",
"nvd_published_at": "2023-03-20T13:15:00Z",
"severity": "HIGH"
},
"details": "Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.",
"id": "GHSA-rwrx-x2hw-9h5w",
"modified": "2023-03-20T17:28:36Z",
"published": "2023-03-20T15:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26513"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/SLING-11776"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/xpcpo1y88ldss5hgmvogsf6h3735l5zb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Sling Resource Merger has Excessive Iteration vulnerability"
}
GHSA-RXWH-225R-76Q6
Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2024-07-30 21:31In the Linux kernel, the following vulnerability has been resolved:
ionic: use dev_consume_skb_any outside of napi
If we're not in a NAPI softirq context, we need to be careful about how we call napi_consume_skb(), specifically we need to call it with budget==0 to signal to it that we're not in a safe context.
This was found while running some configuration stress testing of traffic and a change queue config loop running, and this curious note popped out:
[ 4371.402645] BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/20545 [ 4371.402897] caller is napi_skb_cache_put+0x16/0x80 [ 4371.403120] CPU: 25 PID: 20545 Comm: ethtool Kdump: loaded Tainted: G OE 6.10.0-rc3-netnext+ #8 [ 4371.403302] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 01/23/2021 [ 4371.403460] Call Trace: [ 4371.403613] [ 4371.403758] dump_stack_lvl+0x4f/0x70 [ 4371.403904] check_preemption_disabled+0xc1/0xe0 [ 4371.404051] napi_skb_cache_put+0x16/0x80 [ 4371.404199] ionic_tx_clean+0x18a/0x240 [ionic] [ 4371.404354] ionic_tx_cq_service+0xc4/0x200 [ionic] [ 4371.404505] ionic_tx_flush+0x15/0x70 [ionic] [ 4371.404653] ? ionic_lif_qcq_deinit.isra.23+0x5b/0x70 [ionic] [ 4371.404805] ionic_txrx_deinit+0x71/0x190 [ionic] [ 4371.404956] ionic_reconfigure_queues+0x5f5/0xff0 [ionic] [ 4371.405111] ionic_set_ringparam+0x2e8/0x3e0 [ionic] [ 4371.405265] ethnl_set_rings+0x1f1/0x300 [ 4371.405418] ethnl_default_set_doit+0xbb/0x160 [ 4371.405571] genl_family_rcv_msg_doit+0xff/0x130 [...]
I found that ionic_tx_clean() calls napi_consume_skb() which calls napi_skb_cache_put(), but before that last call is the note / Zero budget indicate non-NAPI context called us, like netpoll / and DEBUG_NET_WARN_ON_ONCE(!in_softirq());
Those are pretty big hints that we're doing it wrong. We can pass a context hint down through the calls to let ionic_tx_clean() know what we're doing so it can call napi_consume_skb() correctly.
{
"affected": [],
"aliases": [
"CVE-2024-42071"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T16:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: use dev_consume_skb_any outside of napi\n\nIf we\u0027re not in a NAPI softirq context, we need to be careful\nabout how we call napi_consume_skb(), specifically we need to\ncall it with budget==0 to signal to it that we\u0027re not in a\nsafe context.\n\nThis was found while running some configuration stress testing\nof traffic and a change queue config loop running, and this\ncurious note popped out:\n\n[ 4371.402645] BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/20545\n[ 4371.402897] caller is napi_skb_cache_put+0x16/0x80\n[ 4371.403120] CPU: 25 PID: 20545 Comm: ethtool Kdump: loaded Tainted: G OE 6.10.0-rc3-netnext+ #8\n[ 4371.403302] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 01/23/2021\n[ 4371.403460] Call Trace:\n[ 4371.403613] \u003cTASK\u003e\n[ 4371.403758] dump_stack_lvl+0x4f/0x70\n[ 4371.403904] check_preemption_disabled+0xc1/0xe0\n[ 4371.404051] napi_skb_cache_put+0x16/0x80\n[ 4371.404199] ionic_tx_clean+0x18a/0x240 [ionic]\n[ 4371.404354] ionic_tx_cq_service+0xc4/0x200 [ionic]\n[ 4371.404505] ionic_tx_flush+0x15/0x70 [ionic]\n[ 4371.404653] ? ionic_lif_qcq_deinit.isra.23+0x5b/0x70 [ionic]\n[ 4371.404805] ionic_txrx_deinit+0x71/0x190 [ionic]\n[ 4371.404956] ionic_reconfigure_queues+0x5f5/0xff0 [ionic]\n[ 4371.405111] ionic_set_ringparam+0x2e8/0x3e0 [ionic]\n[ 4371.405265] ethnl_set_rings+0x1f1/0x300\n[ 4371.405418] ethnl_default_set_doit+0xbb/0x160\n[ 4371.405571] genl_family_rcv_msg_doit+0xff/0x130\n\t[...]\n\nI found that ionic_tx_clean() calls napi_consume_skb() which calls\nnapi_skb_cache_put(), but before that last call is the note\n /* Zero budget indicate non-NAPI context called us, like netpoll */\nand\n DEBUG_NET_WARN_ON_ONCE(!in_softirq());\n\nThose are pretty big hints that we\u0027re doing it wrong. We can pass a\ncontext hint down through the calls to let ionic_tx_clean() know what\nwe\u0027re doing so it can call napi_consume_skb() correctly.",
"id": "GHSA-rxwh-225r-76q6",
"modified": "2024-07-30T21:31:26Z",
"published": "2024-07-29T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42071"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84b767f9e34fdb143c09e66a2a20722fc2921821"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef7646ed49fff962e97b276f4ab91327a67eeb5a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V23X-2MWW-CC32
Vulnerability from github – Published: 2025-01-15 09:30 – Updated: 2025-01-15 09:30In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.
{
"affected": [],
"aliases": [
"CVE-2024-4227"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-15T08:15:25Z",
"severity": "HIGH"
},
"details": "In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.",
"id": "GHSA-v23x-2mww-cc32",
"modified": "2025-01-15T09:30:50Z",
"published": "2025-01-15T09:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4227"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/gsoap2/code/HEAD/tree/changelog.md"
},
{
"type": "WEB",
"url": "https://www.genivia.com/advisory.html#Upgrade_recommendation_when_option_-c++11_is_used_to_generate_C++11_source_code"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V24P-HG93-GG45
Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2025-04-20 03:44GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
{
"affected": [],
"aliases": [
"CVE-2017-13776"
],
"database_specific": {
"cwe_ids": [
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-30T09:29:00Z",
"severity": "HIGH"
},
"details": "GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c \"Read hex image data\" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.",
"id": "GHSA-v24p-hg93-gg45",
"modified": "2025-04-20T03:44:09Z",
"published": "2022-05-13T01:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13776"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4222-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"type": "WEB",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/08/31/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100574"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V75M-35PH-56M2
Vulnerability from github – Published: 2021-11-20 00:00 – Updated: 2022-03-17 00:06NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2021-39923"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-19T17:15:00Z",
"severity": "HIGH"
},
"details": "NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-v75m-35ph-56m2",
"modified": "2022-03-17T00:06:43Z",
"published": "2021-11-20T00:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39923"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17684"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17705"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-5019"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-11.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-15.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VCPJ-66GX-C27M
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2024-04-04 03:03srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
{
"affected": [],
"aliases": [
"CVE-2020-35573"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-20T05:15:00Z",
"severity": "HIGH"
},
"details": "srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.",
"id": "GHSA-vcpj-66gx-c27m",
"modified": "2024-04-04T03:03:56Z",
"published": "2022-05-24T17:36:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35573"
},
{
"type": "WEB",
"url": "https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00031.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.