VYPR

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Base | Incomplete

Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (456)

  • CVE-2015-8900 | Med | Feb 27, 2017
    risk 0.29 | cvss 5.5 | epss 0.02

    The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

  • CVE-2016-7909 | Med | Oct 5, 2016
    risk 0.29 | cvss 4.4 | epss 0.00

    The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.

  • CVE-2016-7908 | Med | Oct 5, 2016
    risk 0.29 | cvss 4.4 | epss 0.00

    The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors…

  • CVE-2016-4453 | Med | Jun 1, 2016
    risk 0.29 | cvss 4.4 | epss 0.00

    The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.

  • CVE-2011-4621 | Med | May 17, 2012
    risk 0.29 | cvss 5.5 | epss 0.00

    The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.

  • CVE-2026-10028 | Med | May 28, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which…

  • CVE-2025-23221 | Med | Jan 20, 2025
    risk 0.28 | cvss 5.4 | epss 0.01

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of…

  • CVE-2023-46442 | Med | May 24, 2024
    risk 0.28 | cvss 4.3 | epss 0.01

    An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS).

  • CVE-2026-41150 | Med | May 29, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is…

  • CVE-2026-6985 | Med | Apr 25, 2026
    risk 0.27 | cvss 5.3 | epss 0.01

    A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be…

  • CVE-2026-2739 | Med | Feb 20, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.

  • CVE-2026-24802 | Med | Jan 27, 2026
    risk 0.27 | cvss | epss 0.00

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in briandilley jsonrpc4j (src/main/java/com/googlecode/jsonrpc4j modules). This vulnerability is associated with program files NoCloseOutputStream.Java. This issue affects jsonrpc4j: through 1.6.0.

  • CVE-2024-44337 | Med | Oct 15, 2024
    risk 0.26 | cvss 5.1 | epss 0.01

    The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the…

  • CVE-2016-8579 | Med | Oct 28, 2016
    risk 0.26 | cvss 4.0 | epss 0.00

    docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.

  • CVE-2024-32886 | Med | May 8, 2024
    risk 0.25 | cvss 4.9 | epss 0.01

    Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and…

  • CVE-2025-30187 | Low | Sep 18, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption…

  • CVE-2026-41285 | Med | Apr 21, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is…

  • CVE-2024-55565 | Med | Dec 9, 2024
    risk 0.21 | cvss 4.3 | epss 0.01

    nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

  • CVE-2025-42954 | Low | Jul 8, 2025
    risk 0.18 | cvss 2.7 | epss 0.00

    SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing RFC-enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to…

  • CVE-2016-9581 | Low | Aug 1, 2018
    risk 0.15 | cvss 3.3 | epss 0.02

    An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.