Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-WRGH-JM24-7HV6

Vulnerability from github – Published: 2023-12-27 21:30 – Updated: 2023-12-27 21:30
VLAI
Details

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-50981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-18T04:15:51Z",
    "severity": "HIGH"
  },
  "details": "ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.",
  "id": "GHSA-wrgh-jm24-7hv6",
  "modified": "2023-12-27T21:30:58Z",
  "published": "2023-12-27T21:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50981"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weidai11/cryptopp/issues/1249"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WV38-CHXJ-V2GP

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2025-04-11 03:50
VLAI
Details

The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-2213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-08-29T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.",
  "id": "GHSA-wv38-chxj-v2gp",
  "modified": "2025-04-11T03:50:08Z",
  "published": "2022-05-13T01:24:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2213"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714536"
    },
    {
      "type": "WEB",
      "url": "http://article.gmane.org/gmane.linux.network/197206"
    },
    {
      "type": "WEB",
      "url": "http://article.gmane.org/gmane.linux.network/197208"
    },
    {
      "type": "WEB",
      "url": "http://article.gmane.org/gmane.linux.network/197386"
    },
    {
      "type": "WEB",
      "url": "http://article.gmane.org/gmane.linux.network/198809"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://patchwork.ozlabs.org/patch/100857"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/20/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/20/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/20/16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WV9F-RWRW-WQJ3

Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-29 15:30
VLAI
Details

In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-24T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936",
  "id": "GHSA-wv9f-rwrw-wqj3",
  "modified": "2023-03-29T15:30:17Z",
  "published": "2023-03-24T21:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20998"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2023-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WW4V-Q9H8-2Q3M

Vulnerability from github – Published: 2024-09-05 00:31 – Updated: 2024-09-05 15:33
VLAI
Details

Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-04T23:15:12Z",
    "severity": "HIGH"
  },
  "details": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.",
  "id": "GHSA-ww4v-q9h8-2q3m",
  "modified": "2024-09-05T15:33:35Z",
  "published": "2024-09-05T00:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45692"
    },
    {
      "type": "WEB",
      "url": "https://cispa.de/en/loop-dos"
    },
    {
      "type": "WEB",
      "url": "https://webmin.com"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2024/09/04/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WW5R-X8XX-G992

Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-13 00:00
VLAI
Details

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-10T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.15), Teamcenter V13.0 (All versions \u003c V13.0.0.10), Teamcenter V13.1 (All versions \u003c V13.1.0.10), Teamcenter V13.2 (All versions \u003c V13.2.0.9), Teamcenter V13.3 (All versions \u003c V13.3.0.5), Teamcenter V14.0 (All versions \u003c V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.",
  "id": "GHSA-ww5r-x8xx-g992",
  "modified": "2022-08-13T00:00:35Z",
  "published": "2022-08-11T00:00:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34661"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-759952.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WW72-35H4-5V84

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17
VLAI
Details

The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-09T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",
  "id": "GHSA-ww72-35h4-5v84",
  "modified": "2022-05-13T01:17:59Z",
  "published": "2022-05-13T01:17:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6301"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710"
    },
    {
      "type": "WEB",
      "url": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Jun/14"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Sep/7"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-05"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/18"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Aug/20"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Mar/15"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/08/03/7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92277"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WWC3-65MG-QWXF

Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 15:30
VLAI
Details

SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-30T07:16:38Z",
    "severity": "MODERATE"
  },
  "details": "SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
  "id": "GHSA-wwc3-65mg-qwxf",
  "modified": "2026-04-30T15:30:38Z",
  "published": "2026-04-30T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5407"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/21073"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21073"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2026-11.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WWH4-WJHP-4XRG

Vulnerability from github – Published: 2022-04-05 00:00 – Updated: 2022-04-12 00:01
VLAI
Details

Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-04T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.",
  "id": "GHSA-wwh4-wjhp-4xrg",
  "modified": "2022-04-12T00:01:01Z",
  "published": "2022-04-05T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1222"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WWXC-Q95Q-9VH6

Vulnerability from github – Published: 2021-12-22 00:00 – Updated: 2021-12-28 00:01
VLAI
Details

An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44924"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-21T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.",
  "id": "GHSA-wwxc-q95q-9vh6",
  "modified": "2021-12-28T00:01:05Z",
  "published": "2021-12-22T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44924"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1959"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WX33-XP59-J4CH

Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-12-21 15:30
VLAI
Details

A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-28T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file.",
  "id": "GHSA-wx33-xp59-j4ch",
  "modified": "2022-12-21T15:30:16Z",
  "published": "2022-05-24T17:49:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3508"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enferex/pdfresurrect/issues/17"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951198"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.