CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-WRGH-JM24-7HV6
Vulnerability from github – Published: 2023-12-27 21:30 – Updated: 2023-12-27 21:30ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.
{
"affected": [],
"aliases": [
"CVE-2023-50981"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-18T04:15:51Z",
"severity": "HIGH"
},
"details": "ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.",
"id": "GHSA-wrgh-jm24-7hv6",
"modified": "2023-12-27T21:30:58Z",
"published": "2023-12-27T21:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50981"
},
{
"type": "WEB",
"url": "https://github.com/weidai11/cryptopp/issues/1249"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WV38-CHXJ-V2GP
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2025-04-11 03:50The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.
{
"affected": [],
"aliases": [
"CVE-2011-2213"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-08-29T18:55:00Z",
"severity": "MODERATE"
},
"details": "The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.",
"id": "GHSA-wv38-chxj-v2gp",
"modified": "2025-04-11T03:50:08Z",
"published": "2022-05-13T01:24:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2213"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=714536"
},
{
"type": "WEB",
"url": "http://article.gmane.org/gmane.linux.network/197206"
},
{
"type": "WEB",
"url": "http://article.gmane.org/gmane.linux.network/197208"
},
{
"type": "WEB",
"url": "http://article.gmane.org/gmane.linux.network/197386"
},
{
"type": "WEB",
"url": "http://article.gmane.org/gmane.linux.network/198809"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
},
{
"type": "WEB",
"url": "http://patchwork.ozlabs.org/patch/100857"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/06/20/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/06/20/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/06/20/16"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WV9F-RWRW-WQJ3
Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-29 15:30In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936
{
"affected": [],
"aliases": [
"CVE-2023-20998"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-24T20:15:00Z",
"severity": "MODERATE"
},
"details": "In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936",
"id": "GHSA-wv9f-rwrw-wqj3",
"modified": "2023-03-29T15:30:17Z",
"published": "2023-03-24T21:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20998"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2023-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WW4V-Q9H8-2Q3M
Vulnerability from github – Published: 2024-09-05 00:31 – Updated: 2024-09-05 15:33Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
{
"affected": [],
"aliases": [
"CVE-2024-45692"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-04T23:15:12Z",
"severity": "HIGH"
},
"details": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.",
"id": "GHSA-ww4v-q9h8-2q3m",
"modified": "2024-09-05T15:33:35Z",
"published": "2024-09-05T00:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45692"
},
{
"type": "WEB",
"url": "https://cispa.de/en/loop-dos"
},
{
"type": "WEB",
"url": "https://webmin.com"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2024/09/04/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WW5R-X8XX-G992
Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-13 00:00A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2022-34661"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-10T12:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.15), Teamcenter V13.0 (All versions \u003c V13.0.0.10), Teamcenter V13.1 (All versions \u003c V13.1.0.10), Teamcenter V13.2 (All versions \u003c V13.2.0.9), Teamcenter V13.3 (All versions \u003c V13.3.0.5), Teamcenter V14.0 (All versions \u003c V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.",
"id": "GHSA-ww5r-x8xx-g992",
"modified": "2022-08-13T00:00:35Z",
"published": "2022-08-11T00:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34661"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-759952.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WW72-35H4-5V84
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
{
"affected": [],
"aliases": [
"CVE-2016-6301"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-09T20:59:00Z",
"severity": "HIGH"
},
"details": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",
"id": "GHSA-ww72-35h4-5v84",
"modified": "2022-05-13T01:17:59Z",
"published": "2022-05-13T01:17:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6301"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710"
},
{
"type": "WEB",
"url": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-05"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/03/7"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92277"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WWC3-65MG-QWXF
Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 15:30SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2026-5407"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T07:16:38Z",
"severity": "MODERATE"
},
"details": "SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
"id": "GHSA-wwc3-65mg-qwxf",
"modified": "2026-04-30T15:30:38Z",
"published": "2026-04-30T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5407"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/21073"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21073"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-11.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WWH4-WJHP-4XRG
Vulnerability from github – Published: 2022-04-05 00:00 – Updated: 2022-04-12 00:01Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.
{
"affected": [],
"aliases": [
"CVE-2022-1222"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-04T10:15:00Z",
"severity": "MODERATE"
},
"details": "Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.",
"id": "GHSA-wwh4-wjhp-4xrg",
"modified": "2022-04-12T00:01:01Z",
"published": "2022-04-05T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1222"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WWXC-Q95Q-9VH6
Vulnerability from github – Published: 2021-12-22 00:00 – Updated: 2021-12-28 00:01An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-44924"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-21T21:15:00Z",
"severity": "MODERATE"
},
"details": "An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.",
"id": "GHSA-wwxc-q95q-9vh6",
"modified": "2021-12-28T00:01:05Z",
"published": "2021-12-22T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44924"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1959"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WX33-XP59-J4CH
Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-12-21 15:30A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file.
{
"affected": [],
"aliases": [
"CVE-2021-3508"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-28T14:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file.",
"id": "GHSA-wx33-xp59-j4ch",
"modified": "2022-12-21T15:30:16Z",
"published": "2022-05-24T17:49:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3508"
},
{
"type": "WEB",
"url": "https://github.com/enferex/pdfresurrect/issues/17"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951198"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.