CWE-834
Excessive Iteration
Description
The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
Hierarchy (View 1000)
CVEs mapped to this weakness (65)
page 4 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-35515 | | | 0.00 | — | 0.12 | | Jul 13, 2021 | When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. |
| CVE-2021-31812 | | — | 0.00 | — | 0.03 | | Jun 12, 2021 | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. |
| CVE-2021-27807 | | — | 0.00 | — | 0.03 | | Mar 19, 2021 | A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. |
| CVE-2020-25201 | | — | 0.00 | — | 0.03 | | Nov 4, 2020 | HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. |
| CVE-2019-3564 | | | 0.00 | — | 0.02 | | May 6, 2019 | Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue… |