VYPR

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Base | Incomplete

Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (456)

page 21 of 23
  • CVE-2021-37714 (Aug 18, 2021)
    risk 0.00 | cvss | epss 0.07

    jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop…

  • CVE-2021-37686 (Aug 12, 2021)
    risk 0.00 | cvss | epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis…

  • CVE-2021-35515 (Jul 13, 2021)
    risk 0.00 | cvss | epss 0.12

    When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

  • CVE-2021-30468 (Jun 16, 2021)
    risk 0.00 | cvss | epss 0.07

    A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache…

  • CVE-2021-31812 (Jun 12, 2021)
    risk 0.00 | cvss | epss 0.03

    In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

  • CVE-2021-28676 (Jun 2, 2021)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.

  • CVE-2021-33194 (May 26, 2021)
    risk 0.00 | cvss | epss 0.07

    golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

  • CVE-2021-29591 (May 14, 2021)
    risk 0.00 | cvss | epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in an infinite loop during evaluation. In certain cases, the infinite…

  • CVE-2021-29510 (May 13, 2021)
    risk 0.00 | cvss | epss 0.01

    Pydantic is a data validation and settings management library using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU).…

  • CVE-2021-29486 (Apr 30, 2021)
    risk 0.00 | cvss | epss 0.02

    cumulative-distribution-function is an open source npm library which calculates the statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite loop. In the case…

  • CVE-2021-29482 (Apr 28, 2021)
    risk 0.00 | cvss | epss 0.01

    xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users…

  • CVE-2021-28484 (Apr 14, 2021)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for…

  • CVE-2021-28657 (Mar 31, 2021)
    risk 0.00 | cvss | epss 0.03

    A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

  • CVE-2021-20270 (Mar 23, 2021)
    risk 0.00 | cvss | epss 0.03

    An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

  • CVE-2021-28667 (Mar 18, 2021)
    risk 0.00 | cvss | epss 0.02

    StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).

  • CVE-2021-21235 (Jan 6, 2021)
    risk 0.00 | cvss | epss 0.02

    kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version…

  • CVE-2020-25574 (Sep 14, 2020)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).

  • CVE-2020-16845 (Aug 6, 2020)
    risk 0.00 | cvss | epss 0.05

    Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

  • CVE-2020-1469 (Jul 14, 2020)
    risk 0.00 | cvss | epss 0.05

    A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.

  • CVE-2020-13935 (Jul 14, 2020)
    risk 0.00 | cvss | epss 0.88

    The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could…