CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1057 vulnerabilities reference this CWE, most recent first.
GHSA-M89X-HF4G-3J36
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c.
{
"affected": [],
"aliases": [
"CVE-2020-24337"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-11T23:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c.",
"id": "GHSA-m89x-hf4g-3j36",
"modified": "2022-05-24T17:36:11Z",
"published": "2022-05-24T17:36:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24337"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/815128"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M8P7-HJG2-3XQJ
Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-04-18 09:30In the Linux kernel, the following vulnerability has been resolved:
can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error
In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"), the URB was re-anchored before usb_submit_urb() in gs_usb_receive_bulk_callback() to prevent a leak of this URB during cleanup.
However, this patch did not take into account that usb_submit_urb() could fail. The URB remains anchored and usb_kill_anchored_urbs(&parent->rx_submitted) in gs_can_close() loops infinitely since the anchor list never becomes empty.
To fix the bug, unanchor the URB when an usb_submit_urb() error occurs, also print an info message.
{
"affected": [],
"aliases": [
"CVE-2026-23082"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T17:16:19Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error\n\nIn commit 7352e1d5932a (\"can: gs_usb: gs_usb_receive_bulk_callback(): fix\nURB memory leak\"), the URB was re-anchored before usb_submit_urb() in\ngs_usb_receive_bulk_callback() to prevent a leak of this URB during\ncleanup.\n\nHowever, this patch did not take into account that usb_submit_urb() could\nfail. The URB remains anchored and\nusb_kill_anchored_urbs(\u0026parent-\u003erx_submitted) in gs_can_close() loops\ninfinitely since the anchor list never becomes empty.\n\nTo fix the bug, unanchor the URB when an usb_submit_urb() error occurs,\nalso print an info message.",
"id": "GHSA-m8p7-hjg2-3xqj",
"modified": "2026-04-18T09:30:17Z",
"published": "2026-02-04T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23082"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa8a8866c533a150be4763bcb27993603bd5426c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c610b550ccc0438d456dfe1df9f4f36254ccaae3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da01de754e455e2598a7f1ce4ff2078c4f0ecde1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M9V3-PQJ8-J8X7
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
{
"affected": [],
"aliases": [
"CVE-2016-8909"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-11-04T21:59:00Z",
"severity": "MODERATE"
},
"details": "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.",
"id": "GHSA-m9v3-pqj8-j8x7",
"modified": "2022-05-13T01:07:30Z",
"published": "2022-05-13T01:07:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8909"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2016-8909"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388052"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93842"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MCQR-W7VQ-7QJV
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
{
"affected": [],
"aliases": [
"CVE-2017-18271"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-18T19:29:00Z",
"severity": "HIGH"
},
"details": "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.",
"id": "GHSA-mcqr-w7vq-7qjv",
"modified": "2022-05-13T01:17:22Z",
"published": "2022-05-13T01:17:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18271"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/911"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MFGX-FRFQ-59JC
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-10-27 19:00A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-3679"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-05T20:15:00Z",
"severity": "MODERATE"
},
"details": "A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.",
"id": "GHSA-mfgx-frfq-59jc",
"modified": "2022-10-27T19:00:41Z",
"published": "2022-05-24T19:10:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3679"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989165"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4978"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MFQ9-XFJ5-HXP8
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-14229"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-09T08:29:00Z",
"severity": "HIGH"
},
"details": "There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.",
"id": "GHSA-mfq9-xfj5-hxp8",
"modified": "2022-05-13T01:43:21Z",
"published": "2022-05-13T01:43:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14229"
},
{
"type": "WEB",
"url": "https://github.com/mdadams/jasper/issues/146"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100861"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MFWC-PXGH-FJ85
Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.
{
"affected": [],
"aliases": [
"CVE-2018-11657"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-01T15:29:00Z",
"severity": "HIGH"
},
"details": "ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.",
"id": "GHSA-mfwc-pxgh-fj85",
"modified": "2022-05-13T01:49:20Z",
"published": "2022-05-13T01:49:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11657"
},
{
"type": "WEB",
"url": "https://github.com/miniupnp/ngiflib/issues/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MH4W-QHP7-F8V8
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system with sensor-based-stats enabled receives a specific LDP FEC this can lead to the above condition. Continued receipted of such an LDP FEC will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 version 19.2R2 and later versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R2-S3-EVO; 20.3 versions prior to 20.3R1-S2-EVO.
{
"affected": [],
"aliases": [
"CVE-2021-31363"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-19T19:15:00Z",
"severity": "MODERATE"
},
"details": "In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system with sensor-based-stats enabled receives a specific LDP FEC this can lead to the above condition. Continued receipted of such an LDP FEC will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 version 19.2R2 and later versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R2-S3-EVO; 20.3 versions prior to 20.3R1-S2-EVO.",
"id": "GHSA-mh4w-qhp7-f8v8",
"modified": "2022-05-24T19:17:53Z",
"published": "2022-05-24T19:17:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31363"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11225"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MH86-QHJH-FVR5
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.
{
"affected": [],
"aliases": [
"CVE-2021-38387"
],
"database_specific": {
"cwe_ids": [
"CWE-770",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T19:15:00Z",
"severity": "HIGH"
},
"details": "In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.",
"id": "GHSA-mh86-qhjh-fvr5",
"modified": "2022-05-24T19:10:31Z",
"published": "2022-05-24T19:10:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38387"
},
{
"type": "WEB",
"url": "https://github.com/contiki-os/contiki/issues/2688"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MHC2-234V-X4JM
Vulnerability from github – Published: 2026-03-18 12:31 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition.
A malformed NTFS image can cause an infinite loop when an attribute header indicates an empty run list, while directory entries reference it as containing actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way to represent an empty run list, and run_unpack() correctly handles this by checking if evcn + 1 equals svcn and returning early without parsing any run data. However, this creates a problem when there is metadata inconsistency, where the attribute header claims to be empty (evcn=-1) but the caller expects to read actual data. When run_unpack() immediately returns success upon seeing this condition, it leaves the runs_tree uninitialized with run->runs as a NULL. The calling function attr_load_runs_range() assumes that a successful return means that the runs were loaded and sets clen to 0, expecting the next run_lookup_entry() call to succeed. Because runs_tree remains uninitialized, run_lookup_entry() continues to fail, and the loop increments vcn by zero (vcn += 0), leading to an infinite loop.
This patch adds a retry counter to detect when run_lookup_entry() fails consecutively after attr_load_runs_vcn(). If the run is still not found on the second attempt, it indicates corrupted metadata and returns -EINVAL, preventing the Denial-of-Service (DoS) vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-71265"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-18T11:16:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed NTFS image can cause an infinite loop when an attribute header\nindicates an empty run list, while directory entries reference it as\ncontaining actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way\nto represent an empty run list, and run_unpack() correctly handles this by\nchecking if evcn + 1 equals svcn and returning early without parsing any run\ndata. However, this creates a problem when there is metadata inconsistency,\nwhere the attribute header claims to be empty (evcn=-1) but the caller\nexpects to read actual data. When run_unpack() immediately returns success\nupon seeing this condition, it leaves the runs_tree uninitialized with\nrun-\u003eruns as a NULL. The calling function attr_load_runs_range() assumes\nthat a successful return means that the runs were loaded and sets clen to 0,\nexpecting the next run_lookup_entry() call to succeed. Because runs_tree\nremains uninitialized, run_lookup_entry() continues to fail, and the loop\nincrements vcn by zero (vcn += 0), leading to an infinite loop.\n\nThis patch adds a retry counter to detect when run_lookup_entry() fails\nconsecutively after attr_load_runs_vcn(). If the run is still not found on\nthe second attempt, it indicates corrupted metadata and returns -EINVAL,\npreventing the Denial-of-Service (DoS) vulnerability.",
"id": "GHSA-mhc2-234v-x4jm",
"modified": "2026-07-14T15:31:40Z",
"published": "2026-03-18T12:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71265"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c3a6e951b9b53dab2ac460a655313cf04c4a10a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b90f16e4bb5607fb35e7802eb67874038da4640"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6f07a590616ff5f57f7c041d98e463fad9e9f763"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78b61f7eac37a63284774b147f38dd0be6cad43c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a89bc96d5abd8a4a8d5d911884ea347efcdf460b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af839013c70a24779f9d1afb1575952009312d38"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0b43c45d45f59e7faad48675a50231a210c379b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.