CWE-606
Unchecked Input for Loop Condition
Description
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1519 | | Hig | 0.49 | 7.5 | 0.01 | | Mar 25, 2026 | If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries… |
| CVE-2024-13931 | | Hig | 0.47 | 7.2 | 0.00 | | May 22, 2025 | Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. |
| CVE-2025-42930 | | Med | 0.42 | 6.5 | 0.00 | | Sep 9, 2025 | SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the… |
| CVE-2026-5950 | | Med | 0.34 | 5.3 | 0.01 | | May 20, 2026 | An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9… |
| CVE-2023-5678 | | Med | 0.34 | 5.3 | 0.04 | | Nov 6, 2023 | Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise,… |
| CVE-2026-0243 | | Med | 0.32 | — | 0.00 | | May 13, 2026 | A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet. |
| CVE-2024-13930 | | Med | 0.32 | 4.9 | 0.00 | | May 22, 2025 | An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through… |
| CVE-2023-6237 | | Med | 0.31 | 5.9 | 0.02 | | Apr 25, 2024 | Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an… |
| CVE-2024-4603 | | Med | 0.27 | 5.3 | 0.01 | | May 16, 2024 | Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or… |
| CVE-2026-41986 | | Low | 0.16 | 2.4 | 0.00 | | Jun 9, 2026 | Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-43801 | | | 0.00 | — | 0.00 | | Sep 16, 2025 | Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions… |
| CVE-2024-43499 | | | 0.00 | — | 0.03 | | Nov 12, 2024 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2024-34486 | | — | 0.00 | — | 0.01 | | May 5, 2024 | OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0. |
| CVE-2024-28244 | | | 0.00 | — | 0.02 | | Mar 25, 2024 | KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX… |
| CVE-2024-28243 | | | 0.00 | — | 0.01 | | Mar 25, 2024 | KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an… |