CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1060 vulnerabilities reference this CWE, most recent first.
GHSA-7WPV-4QH2-R4FV
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-50320"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T16:15:23Z",
"severity": "HIGH"
},
"details": "An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.",
"id": "GHSA-7wpv-4qh2-r4fv",
"modified": "2024-11-12T18:30:56Z",
"published": "2024-11-12T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50320"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7X3M-MXJP-769R
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.
{
"affected": [],
"aliases": [
"CVE-2018-7326"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T22:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.",
"id": "GHSA-7x3m-mxjp-769r",
"modified": "2022-05-13T01:53:20Z",
"published": "2022-05-13T01:53:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7326"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14419"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=293b999425e998d6cde0d9149648e421ea7687d0"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7X8Q-X29W-WPG4
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
{
"affected": [],
"aliases": [
"CVE-2017-9358"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-02T05:29:00Z",
"severity": "HIGH"
},
"details": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).",
"id": "GHSA-7x8q-x29w-wpg4",
"modified": "2022-05-13T01:47:57Z",
"published": "2022-05-13T01:47:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9358"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/863906"
},
{
"type": "WEB",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98573"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038531"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-827X-XJFM-CW2C
Vulnerability from github – Published: 2023-07-18 15:30 – Updated: 2024-04-04 06:13In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.
{
"affected": [],
"aliases": [
"CVE-2021-33294"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-18T14:15:11Z",
"severity": "MODERATE"
},
"details": "In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.",
"id": "GHSA-827x-xjfm-cw2c",
"modified": "2024-04-04T06:13:20Z",
"published": "2023-07-18T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33294"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27501"
},
{
"type": "WEB",
"url": "https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8299-XH3W-XHX5
Vulnerability from github – Published: 2026-07-16 18:31 – Updated: 2026-07-17 15:32XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes.
The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.
Nameless attributes such as "" or unbalanced quotes "" can trigger this condition.
{
"affected": [],
"aliases": [
"CVE-2026-13401"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-16T17:16:55Z",
"severity": "HIGH"
},
"details": "XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes.\n\nThe parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.\n\nNameless attributes such as \"\u003ca =\u0027c\u0027\u003e\" or unbalanced quotes \"\u003ca b=\u0027\u0027\u0027\u0027\u0027\u0027\u0027c\u0027\u003e\" can trigger this condition.",
"id": "GHSA-8299-xh3w-xhx5",
"modified": "2026-07-17T15:32:23Z",
"published": "2026-07-16T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13401"
},
{
"type": "WEB",
"url": "https://github.com/nanoscopic/perl-XML-Bare/pull/2"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-13401-r1.patch"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/16/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-83G2-8M93-V3W7
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2024-05-20 20:30Go through 1.15.12 and 1.16.x through 1.16.4 has a golang.org/x/net/html infinite loop via crafted ParseFragment input.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/net"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20210520170846-37e1c6afe023"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-33194"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-08T00:33:11Z",
"nvd_published_at": "2021-05-26T15:15:00Z",
"severity": "HIGH"
},
"details": "Go through 1.15.12 and 1.16.x through 1.16.4 has a golang.org/x/net/html infinite loop via crafted ParseFragment input.",
"id": "GHSA-83g2-8m93-v3w7",
"modified": "2024-05-20T20:30:54Z",
"published": "2022-05-24T19:03:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194"
},
{
"type": "WEB",
"url": "https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7"
},
{
"type": "WEB",
"url": "https://go.dev/cl/311090"
},
{
"type": "WEB",
"url": "https://go.dev/issue/46288"
},
{
"type": "WEB",
"url": "https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/wPunbCPkWUg"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0238"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "golang.org/x/net/html Infinite Loop vulnerability"
}
GHSA-83GH-Q9XF-W4XR
Vulnerability from github – Published: 2025-01-31 12:33 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
filemap: avoid truncating 64-bit offset to 32 bits
On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop when writing to an xfs filesystem.
{
"affected": [],
"aliases": [
"CVE-2025-21665"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-31T12:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"id": "GHSA-83gh-q9xf-w4xr",
"modified": "2025-11-03T21:32:30Z",
"published": "2025-01-31T12:33:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21665"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09528bb1a4123e2a234eac2bc45a0e51e78dab43"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/280f1fb89afc01e7376f59ae611d54ca69e9f967"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64e5fd96330df2ad278d1c4edcca581f26e5f76e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80fc836f3ebe2f2d2d2c80c698b7667974285a04"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f505e6c91e7a22d10316665a86d79f84d9f0ba76"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-84GJ-C6VV-GH4Q
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
{
"affected": [],
"aliases": [
"CVE-2015-8558"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-05-23T19:59:00Z",
"severity": "MODERATE"
},
"details": "The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.",
"id": "GHSA-84gj-c6vv-gh4q",
"modified": "2022-05-13T01:16:26Z",
"published": "2022-05-13T01:16:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8558"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277983"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/16"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/80694"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8549-4C5J-X7G2
Vulnerability from github – Published: 2024-01-12 15:30 – Updated: 2025-11-03 21:30When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.
{
"affected": [],
"aliases": [
"CVE-2023-0437"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T14:15:47Z",
"severity": "MODERATE"
},
"details": "When calling bson_utf8_validate\u00a0on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.",
"id": "GHSA-8549-4c5j-x7g2",
"modified": "2025-11-03T21:30:59Z",
"published": "2024-01-12T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0437"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/CDRIVER-4747"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GUVOAFZFSYTNBF6R7H4XJM5DHWBRQ6P"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-857C-G6R6-MJ7P
Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 21:31An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet.
{
"affected": [],
"aliases": [
"CVE-2025-51986"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T18:15:30Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet.",
"id": "GHSA-857c-g6r6-mj7p",
"modified": "2025-08-14T21:31:57Z",
"published": "2025-08-14T18:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51986"
},
{
"type": "WEB",
"url": "https://gist.github.com/jyjsunny/a9743a718ed3081b034c11201803f6b4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.