CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Description
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (456)
page 21 of 23| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37714 | — | 0.00 | — | 0.07 | Aug 18, 2021 | jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop… | ||
| CVE-2021-37686 | 0.00 | — | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis… | |||
| CVE-2021-35515 | 0.00 | — | 0.12 | Jul 13, 2021 | When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | |||
| CVE-2021-30468 | 0.00 | — | 0.07 | Jun 16, 2021 | A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache… | |||
| CVE-2021-31812 | — | 0.00 | — | 0.03 | Jun 12, 2021 | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. | ||
| CVE-2021-28676 | — | 0.00 | — | 0.02 | Jun 2, 2021 | An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. | ||
| CVE-2021-33194 | — | 0.00 | — | 0.07 | May 26, 2021 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. | ||
| CVE-2021-29591 | 0.00 | — | 0.00 | May 14, 2021 | TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite… | |||
| CVE-2021-29510 | — | 0.00 | — | 0.01 | May 13, 2021 | Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU).… | ||
| CVE-2021-29486 | — | 0.00 | — | 0.02 | Apr 30, 2021 | cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case… | ||
| CVE-2021-29482 | — | 0.00 | — | 0.01 | Apr 28, 2021 | xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users… | ||
| CVE-2021-28484 | — | 0.00 | — | 0.02 | Apr 14, 2021 | An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for… | ||
| CVE-2021-28657 | 0.00 | — | 0.03 | Mar 31, 2021 | A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. | |||
| CVE-2021-20270 | — | 0.00 | — | 0.03 | Mar 23, 2021 | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | ||
| CVE-2021-28667 | — | 0.00 | — | 0.02 | Mar 18, 2021 | StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name). | ||
| CVE-2021-21235 | 0.00 | — | 0.02 | Jan 6, 2021 | kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version… | |||
| CVE-2020-25574 | — | 0.00 | — | 0.02 | Sep 14, 2020 | An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). | ||
| CVE-2020-16845 | — | 0.00 | — | 0.05 | Aug 6, 2020 | Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | ||
| CVE-2020-1469 | — | 0.00 | — | 0.05 | Jul 14, 2020 | A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. | ||
| CVE-2020-13935 | 0.00 | — | 0.88 | Jul 14, 2020 | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could… |
- CVE-2021-37714Aug 18, 2021risk 0.00cvss —epss 0.07
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop…
- CVE-2021-37686Aug 12, 2021risk 0.00cvss —epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis…
- CVE-2021-35515Jul 13, 2021risk 0.00cvss —epss 0.12
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
- CVE-2021-30468Jun 16, 2021risk 0.00cvss —epss 0.07
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache…
- CVE-2021-31812Jun 12, 2021risk 0.00cvss —epss 0.03
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
- CVE-2021-28676Jun 2, 2021risk 0.00cvss —epss 0.02
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
- CVE-2021-33194May 26, 2021risk 0.00cvss —epss 0.07
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
- CVE-2021-29591May 14, 2021risk 0.00cvss —epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite…
- CVE-2021-29510May 13, 2021risk 0.00cvss —epss 0.01
Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU).…
- CVE-2021-29486Apr 30, 2021risk 0.00cvss —epss 0.02
cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case…
- CVE-2021-29482Apr 28, 2021risk 0.00cvss —epss 0.01
xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users…
- CVE-2021-28484Apr 14, 2021risk 0.00cvss —epss 0.02
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for…
- CVE-2021-28657Mar 31, 2021risk 0.00cvss —epss 0.03
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
- CVE-2021-20270Mar 23, 2021risk 0.00cvss —epss 0.03
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
- CVE-2021-28667Mar 18, 2021risk 0.00cvss —epss 0.02
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).
- CVE-2021-21235Jan 6, 2021risk 0.00cvss —epss 0.02
kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version…
- CVE-2020-25574Sep 14, 2020risk 0.00cvss —epss 0.02
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
- CVE-2020-16845Aug 6, 2020risk 0.00cvss —epss 0.05
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
- CVE-2020-1469Jul 14, 2020risk 0.00cvss —epss 0.05
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.
- CVE-2020-13935Jul 14, 2020risk 0.00cvss —epss 0.88
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could…