VYPR

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

BaseIncomplete

Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (456)

page 1 of 23
  • CVE-2026-24816CriJan 27, 2026
    risk 0.65cvss epss 0.00

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in datavane tis (tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules). This vulnerability is associated with program files ChangeDomainAction.Java. This issue affects tis: before v4.3.0.

  • CVE-2017-12997CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print().

  • CVE-2017-12995CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().

  • CVE-2017-12990CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.

  • CVE-2018-8002HigMar 9, 2018
    risk 0.61cvss 8.8epss 0.08

    In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact…

  • CVE-2026-24804CriJan 27, 2026
    risk 0.60cvss epss 0.00

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common modules). This vulnerability is associated with program files bn_lib.C. This issue affects lede: through r25.10.1.

  • CVE-2026-24803CriJan 27, 2026
    risk 0.60cvss epss 0.00

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C. This issue affects lede: through r25.10.1.

  • CVE-2025-55118HigSep 16, 2025
    risk 0.58cvss 8.9epss 0.00

    Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent…

  • CVE-2017-16944HigNov 25, 2017
    risk 0.57cvss 7.5epss 0.63

    The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the…

  • CVE-2025-20253HigAug 14, 2025
    risk 0.56cvss 8.6epss 0.00

    A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is due to the…

  • CVE-2025-20243HigAug 14, 2025
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to improper…

  • CVE-2025-20217HigAug 14, 2025
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability…

  • CVE-2025-20136HigAug 14, 2025
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote…

  • CVE-2026-31448CriApr 22, 2026
    risk 0.54cvss 9.4epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if inserting a new extent into the extent tree fails (in this example, because the…

  • CVE-2018-1041HigFeb 15, 2018
    risk 0.53cvss 7.5epss 0.16

    A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

  • CVE-2026-46522HigJun 10, 2026
    risk 0.52cvss 7.5epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and…

  • CVE-2017-12412HigFeb 7, 2018
    risk 0.51cvss 7.8epss 0.01

    ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.

  • CVE-2018-5253HigJan 5, 2018
    risk 0.51cvss 7.8epss 0.01

    The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.

  • CVE-2017-15908HigOct 26, 2017
    risk 0.51cvss 7.5epss 0.24

    In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.

  • CVE-2026-46385HigMay 29, 2026
    risk 0.50cvss epss 0.00

    iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which…