CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Description
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (456)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29904 |  |  | 0.00 | — | 0.01 |  | Mar 29, 2024 | CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later. |
| CVE-2024-25710 |  |  | 0.00 | — | 0.00 |  | Feb 19, 2024 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. |
| CVE-2024-25144 |  |  | 0.00 | — | 0.01 |  | Feb 8, 2024 | The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated… |
| CVE-2023-50570 |  |  | 0.00 | — | 0.00 |  | Dec 29, 2023 | An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in which the developer supplies invalid arguments. The product is not intended to always halt for contrived inputs. |
| CVE-2023-51075 |  |  | 0.00 | — | 0.01 |  | Dec 27, 2023 | hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters. |
| CVE-2023-6245 |  |  | 0.00 | — | 0.01 |  | Dec 8, 2023 | The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field… |
| CVE-2023-46737 |  |  | 0.00 | — | 0.01 |  | Nov 7, 2023 | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker-controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long… |
| CVE-2023-46250 |  |  | 0.00 | — | 0.00 |  | Oct 31, 2023 | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%.… |
| CVE-2023-45363 |  |  | 0.00 | — | 0.23 |  | Oct 9, 2023 | An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants… |
| CVE-2023-26151 |  |  | 0.00 | — | 0.01 |  | Oct 3, 2023 | Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. |
| CVE-2023-43645 |  |  | 0.00 | — | 0.01 |  | Sep 26, 2023 | OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the… |
| CVE-2023-1108 |  |  | 0.00 | — | 0.02 |  | Sep 14, 2023 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. |
| CVE-2020-35139 |  |  | 0.00 | — | 0.01 |  | Aug 11, 2023 | An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34 that allows remote attackers to cause a denial of service (DoS) (infinite loop). |
| CVE-2020-35141 |  |  | 0.00 | — | 0.01 |  | Aug 11, 2023 | An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34 that allows remote attackers to cause a denial of service (DoS) (infinite loop). |
| CVE-2023-36807 |  |  | 0.00 | — | 0.01 |  | Jun 30, 2023 | pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can… |
| CVE-2023-36464 |  |  | 0.00 | — | 0.00 |  | Jun 27, 2023 | pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in… |
| CVE-2023-35933 |  |  | 0.00 | — | 0.01 |  | Jun 26, 2023 | OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are… |
| CVE-2023-27560 |  |  | 0.00 | — | 0.01 |  | Mar 3, 2023 | Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. |
| CVE-2023-25653 |  |  | 0.00 | — | 0.01 |  | Feb 16, 2023 | node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service… |
| CVE-2023-23617 |  |  | 0.00 | — | 0.01 |  | Jan 27, 2023 | OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in the malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds. |