VYPR

CWE-834

Excessive Iteration

Class · Incomplete

Description

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the product or its host system; it depends on the amount of resources consumed per iteration.

Hierarchy (View 1000)

CVEs mapped to this weakness (65)

page 4 of 4
  • CVE-2021-35515 · Jul 13, 2021
    risk 0.00 · cvss · epss 0.12

    When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

  • CVE-2021-31812 · Jun 12, 2021
    risk 0.00 · cvss · epss 0.03

    In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

  • CVE-2021-27807 · Mar 19, 2021
    risk 0.00 · cvss · epss 0.03

    A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

  • CVE-2020-25201 · Nov 4, 2020
    risk 0.00 · cvss · epss 0.03

    HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.

  • CVE-2019-3564 · May 6, 2019
    risk 0.00 · cvss · epss 0.02

    Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue…