CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-XG67-JWRG-PJC6
Vulnerability from github – Published: 2023-08-14 15:33 – Updated: 2024-04-04 06:54Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
{
"affected": [],
"aliases": [
"CVE-2023-30188"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-14T13:15:10Z",
"severity": "HIGH"
},
"details": "Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.",
"id": "GHSA-xg67-jwrg-pjc6",
"modified": "2024-04-04T06:54:49Z",
"published": "2023-08-14T15:33:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30188"
},
{
"type": "WEB",
"url": "https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a"
},
{
"type": "WEB",
"url": "https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2"
},
{
"type": "WEB",
"url": "https://github.com/ONLYOFFICE/DocumentServer"
},
{
"type": "WEB",
"url": "https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer"
},
{
"type": "WEB",
"url": "https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110"
},
{
"type": "WEB",
"url": "http://onlyoffice.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XGFR-63PQ-C6GP
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.
{
"affected": [],
"aliases": [
"CVE-2016-5042"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-17T17:59:00Z",
"severity": "HIGH"
},
"details": "The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.",
"id": "GHSA-xgfr-63pq-c6gp",
"modified": "2022-05-13T01:03:24Z",
"published": "2022-05-13T01:03:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5042"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332145"
},
{
"type": "WEB",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XGHR-2V47-FQX8
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Loop with unreachable exit condition ('infinite loop') in Windows Active Directory allows an unauthorized attacker to deny service over a network.
{
"affected": [],
"aliases": [
"CVE-2026-54119"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:17:04Z",
"severity": "HIGH"
},
"details": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Windows Active Directory allows an unauthorized attacker to deny service over a network.",
"id": "GHSA-xghr-2v47-fqx8",
"modified": "2026-07-14T18:32:07Z",
"published": "2026-07-14T18:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54119"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54119"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XGR5-38F7-XQVV
Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2024-03-27 15:30libcurl provides the CURLOPT_CERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
{
"affected": [],
"aliases": [
"CVE-2022-27781"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "HIGH"
},
"details": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server\u0027s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.",
"id": "GHSA-xgr5-38f7-xqvv",
"modified": "2024-03-27T15:30:35Z",
"published": "2022-06-03T00:01:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1555441"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220609-0009"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5197"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XGX2-84J2-CX9M
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2026-42920"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T16:16:49Z",
"severity": "HIGH"
},
"details": "When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-xgx2-84j2-cx9m",
"modified": "2026-05-13T18:30:56Z",
"published": "2026-05-13T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42920"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000160901"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XHJ5-RVCV-CCCG
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-05-24 17:19ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
{
"affected": [],
"aliases": [
"CVE-2020-13800"
],
"database_specific": {
"cwe_ids": [
"CWE-674",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-04T16:15:00Z",
"severity": "MODERATE"
},
"details": "ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.",
"id": "GHSA-xhj5-rvcv-cccg",
"modified": "2022-05-24T17:19:18Z",
"published": "2022-05-24T17:19:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13800"
},
{
"type": "WEB",
"url": "https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202011-09"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200717-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4467-1"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XHQG-MP7V-6MRP
Vulnerability from github – Published: 2022-02-10 00:01 – Updated: 2022-09-20 00:00An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
{
"affected": [],
"aliases": [
"CVE-2022-23098"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-28T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.",
"id": "GHSA-xhqg-mp7v-6mrp",
"modified": "2022-09-20T00:00:32Z",
"published": "2022-02-10T00:01:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23098"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/network/connman/connman.git/log"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-21"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5231"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2022/01/25/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XHR3-WF7J-H255
Vulnerability from github – Published: 2024-10-15 21:30 – Updated: 2024-12-12 17:59The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit a2a9c4f76ef5a5c32108e36f7c47f8d310322252 contains fixes to this problem.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/gomarkdown/markdown"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20240729212818-a2a9c4f76ef5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-44337"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-16T14:09:50Z",
"nvd_published_at": "2024-10-15T20:15:21Z",
"severity": "MODERATE"
},
"details": "The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.",
"id": "GHSA-xhr3-wf7j-h255",
"modified": "2024-12-12T17:59:12Z",
"published": "2024-10-15T21:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44337"
},
{
"type": "WEB",
"url": "https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef5a5c32108e36f7c47f8d310322252"
},
{
"type": "WEB",
"url": "https://github.com/Brinmon/CVE-2024-44337"
},
{
"type": "PACKAGE",
"url": "https://github.com/gomarkdown/markdown"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-3205"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Infinite loop in github.com/gomarkdown/markdown"
}
GHSA-XJ65-Q394-F9P2
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
{
"affected": [],
"aliases": [
"CVE-2017-9094"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-19T19:29:00Z",
"severity": "MODERATE"
},
"details": "The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.",
"id": "GHSA-xj65-q394-f9p2",
"modified": "2022-05-13T01:47:48Z",
"published": "2022-05-13T01:47:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9094"
},
{
"type": "WEB",
"url": "https://github.com/jsummers/imageworsener/issues/27"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98728"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJPW-MC8F-P786
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
{
"affected": [],
"aliases": [
"CVE-2015-8900"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-27T22:59:00Z",
"severity": "MODERATE"
},
"details": "The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.",
"id": "GHSA-xjpw-mc8f-p786",
"modified": "2022-05-13T01:24:55Z",
"published": "2022-05-13T01:24:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8900"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195260"
},
{
"type": "WEB",
"url": "http://trac.imagemagick.org/changeset/17845"
},
{
"type": "WEB",
"url": "http://trac.imagemagick.org/changeset/17846"
},
{
"type": "WEB",
"url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=26929"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/02/26/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/06/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.