VYPR

CWE-606

Unchecked Input for Loop Condition

Base | Draft

Description

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (15)

  • CVE-2026-1519 | High | Mar 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries…

  • CVE-2024-13931 | High | May 22, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2025-42930 | Medium | Sep 9, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the…

  • CVE-2026-5950 | Medium | May 20, 2026
    risk 0.34 | cvss 5.3 | epss 0.01

    An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9…

  • CVE-2023-5678 | Medium | Nov 6, 2023
    risk 0.34 | cvss 5.3 | epss 0.04

    Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise,…

  • CVE-2026-0243 | Medium | May 13, 2026
    risk 0.32 | cvss | epss 0.00

    A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet.

  • CVE-2024-13930 | Medium | May 22, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through…

  • CVE-2023-6237 | Medium | Apr 25, 2024
    risk 0.31 | cvss 5.9 | epss 0.02

    Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an…

  • CVE-2024-4603 | Medium | May 16, 2024
    risk 0.27 | cvss 5.3 | epss 0.01

    Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or…

  • CVE-2026-41986 | Low | Jun 9, 2026
    risk 0.16 | cvss 2.4 | epss 0.00

    Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2025-43801 | Sep 16, 2025
    risk 0.00 | cvss | epss 0.00

    Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions…

  • CVE-2024-43499 | Nov 12, 2024
    risk 0.00 | cvss | epss 0.03

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2024-34486 | May 5, 2024
    risk 0.00 | cvss | epss 0.01

    OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0.

  • CVE-2024-28244 | Mar 25, 2024
    risk 0.00 | cvss | epss 0.02

    KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX…

  • CVE-2024-28243 | Mar 25, 2024
    risk 0.00 | cvss | epss 0.01

    KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an…