CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1060 vulnerabilities reference this CWE, most recent first.
GHSA-8G7P-JF3G-GXCP
Vulnerability from github – Published: 2026-03-23 06:30 – Updated: 2026-03-29 15:51Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jsrsasign"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-4598"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-29T15:51:28Z",
"nvd_published_at": "2026-03-23T06:16:21Z",
"severity": "HIGH"
},
"details": "Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).",
"id": "GHSA-8g7p-jf3g-gxcp",
"modified": "2026-03-29T15:51:28Z",
"published": "2026-03-23T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
},
{
"type": "WEB",
"url": "https://github.com/kjur/jsrsasign/pull/648"
},
{
"type": "WEB",
"url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
},
{
"type": "WEB",
"url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
},
{
"type": "PACKAGE",
"url": "https://github.com/kjur/jsrsasign"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs"
}
GHSA-8G9J-VP2C-MG7R
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.
{
"affected": [],
"aliases": [
"CVE-2018-5253"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-05T21:29:00Z",
"severity": "HIGH"
},
"details": "The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.",
"id": "GHSA-8g9j-vp2c-mg7r",
"modified": "2022-05-13T01:52:45Z",
"published": "2022-05-13T01:52:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5253"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/233"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8H93-38HX-VV92
Vulnerability from github – Published: 2025-06-07 09:30 – Updated: 2025-06-09 15:31Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop.
There is no other way for the application to escape or exit this loop other than killing the thread/process.
This might be used to DoS libcurl-using application.
{
"affected": [],
"aliases": [
"CVE-2025-5399"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-07T08:15:20Z",
"severity": "HIGH"
},
"details": "Due to a mistake in libcurl\u0027s WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.",
"id": "GHSA-8h93-38hx-vv92",
"modified": "2025-06-09T15:31:41Z",
"published": "2025-06-07T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3168039"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2025-5399.html"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2025-5399.json"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/06/04/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8H9F-G8Q9-87R3
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop.
{
"affected": [],
"aliases": [
"CVE-2018-17042"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-14T07:29:00Z",
"severity": "MODERATE"
},
"details": "An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop.",
"id": "GHSA-8h9f-g8q9-87r3",
"modified": "2022-05-13T01:50:29Z",
"published": "2022-05-13T01:50:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17042"
},
{
"type": "WEB",
"url": "https://github.com/bcsanches/dbf2txt/issues/2"
},
{
"type": "WEB",
"url": "https://github.com/grandnew/software-vulnerabilities/tree/master/dbf2txt#infinite-loop"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8J7J-8W2R-72PQ
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2023-02-03 00:30When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
{
"affected": [],
"aliases": [
"CVE-2020-15654"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-10T18:15:00Z",
"severity": "MODERATE"
},
"details": "When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR \u003c 78.1, Firefox \u003c 79, and Thunderbird \u003c 78.1.",
"id": "GHSA-8j7j-8w2r-72pq",
"modified": "2023-02-03T00:30:18Z",
"published": "2022-05-24T17:25:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15654"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1648333"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4443-1"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-30"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-32"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-33"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8J7Q-4Q44-6HPF
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
{
"affected": [],
"aliases": [
"CVE-2017-9222"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-27T12:29:00Z",
"severity": "HIGH"
},
"details": "The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.",
"id": "GHSA-8j7q-4q44-6hpf",
"modified": "2022-05-13T01:47:51Z",
"published": "2022-05-13T01:47:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9222"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Jun/32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8M8H-XWP6-PGJF
Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-18 18:32eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.
{
"affected": [],
"aliases": [
"CVE-2025-63829"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T17:16:12Z",
"severity": "MODERATE"
},
"details": "eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.",
"id": "GHSA-8m8h-xwp6-pgjf",
"modified": "2025-11-18T18:32:54Z",
"published": "2025-11-18T18:32:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63829"
},
{
"type": "WEB",
"url": "https://gist.github.com/lkloliver/b00377bec754d4aa1dc731be210d5889"
},
{
"type": "WEB",
"url": "https://github.com/eProsima/Fast-DDS/blob/master/src/cpp/fastdds/core/Time_t.cpp#L67"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8M9G-647G-5PXW
Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2021-05-07 16:04An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/Yubico/yubihsm-connector"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28484"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-07T16:04:45Z",
"nvd_published_at": "2021-04-14T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.",
"id": "GHSA-8m9g-647g-5pxw",
"modified": "2021-05-07T16:04:45Z",
"published": "2022-02-15T01:57:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28484"
},
{
"type": "WEB",
"url": "https://github.com/Yubico/yubihsm-connector/commit/82bdf202c53460bac9106cc9b4b34a0a16cae0ed"
},
{
"type": "WEB",
"url": "https://github.com/Yubico/yubihsm-connector/releases"
},
{
"type": "WEB",
"url": "https://www.yubico.com/support/security-advisories/ysa-2021-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R",
"type": "CVSS_V3"
}
],
"summary": "Infinite loop in Yubico yubihsm-connector"
}
GHSA-8MMP-C685-53VW
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-08-05 00:00encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
{
"affected": [],
"aliases": [
"CVE-2021-27918"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-11T00:15:00Z",
"severity": "HIGH"
},
"details": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"id": "GHSA-8mmp-c685-53vw",
"modified": "2022-08-05T00:00:28Z",
"published": "2022-05-24T17:44:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MVJ-3J78-4QMW
Vulnerability from github – Published: 2025-08-26 16:19 – Updated: 2025-09-10 21:07Impact
User control of the first argument of the addImage method results in CPU utilization and denial of service.
If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service.
Other affected methods are: html.
Example payload:
import { jsPDF } from "jspdf"
const payload = new Uint8Array([117, 171, 90, 253, 166, 154, 105, 166, 154])
const doc = new jsPDF();
const startTime = performance.now();
try {
doc.addImage(payload, "PNG", 10, 40, 180, 180, undefined, "SLOW");
} finally {
const endTime = performance.now();
console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`);
}
Patches
The vulnerability was fixed in jsPDF 3.0.2. Upgrade to jspdf@>=3.0.2.
In jspdf@>=3.0.2, invalid PNG files throw an Error instead of causing very long running loops.
Workarounds
Sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
Credits
Researcher: Aleksey Solovev (Positive Technologies)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.1"
},
"package": {
"ecosystem": "npm",
"name": "jspdf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-57810"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-26T16:19:04Z",
"nvd_published_at": "2025-08-26T16:15:37Z",
"severity": "HIGH"
},
"details": "### Impact\nUser control of the first argument of the addImage method results in CPU utilization and denial of service.\n\nIf given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service.\n\nOther affected methods are: `html`.\n\nExample payload:\n\n```js\nimport { jsPDF } from \"jspdf\" \n\nconst payload = new Uint8Array([117, 171, 90, 253, 166, 154, 105, 166, 154])\n\nconst doc = new jsPDF();\nconst startTime = performance.now();\ntry {\n doc.addImage(payload, \"PNG\", 10, 40, 180, 180, undefined, \"SLOW\");\n} finally {\n const endTime = performance.now();\n console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`);\n}\n```\n\n### Patches\nThe vulnerability was fixed in jsPDF 3.0.2. Upgrade to jspdf@\u003e=3.0.2.\n\nIn jspdf@\u003e=3.0.2, invalid PNG files throw an Error instead of causing very long running loops.\n\n### Workarounds\nSanitize image data or URLs before passing it to the addImage method or one of the other affected methods.\n\n### Credits\nResearcher: Aleksey Solovev (Positive Technologies)",
"id": "GHSA-8mvj-3j78-4qmw",
"modified": "2025-09-10T21:07:04Z",
"published": "2025-08-26T16:19:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810"
},
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/pull/3880"
},
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
},
{
"type": "PACKAGE",
"url": "https://github.com/parallax/jsPDF"
},
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "jsPDF Denial of Service (DoS)"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.