VYPR

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Base | Incomplete

Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (456)

  • CVE-2020-14040 | Jun 17, 2020
    risk 0.00 | cvss | epss 0.02

    The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM…

  • CVE-2020-9489 | Apr 27, 2020
    risk 0.00 | cvss | epss 0.03

    A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika…

  • CVE-2020-1951 | Mar 23, 2020
    risk 0.00 | cvss | epss 0.03

    A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

  • CVE-2020-10675 | Mar 19, 2020
    risk 0.00 | cvss | epss 0.02

    The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.

  • CVE-2020-7595 | Jan 21, 2020
    risk 0.00 | cvss | epss 0.08

    xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

  • CVE-2019-19588 | Dec 5, 2019
    risk 0.00 | cvss | epss 0.01

    The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.

  • CVE-2015-5694 | Nov 22, 2019
    risk 0.00 | cvss | epss 0.02

    Designate does not enforce the DNS protocol limit concerning record set sizes.

  • CVE-2019-18817 | Nov 12, 2019
    risk 0.00 | cvss | epss 0.01

    Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.

  • CVE-2019-0205 | Oct 28, 2019
    risk 0.00 | cvss | epss 0.09

    In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language…

  • CVE-2019-12402 | Aug 29, 2019
    risk 0.00 | cvss | epss 0.16

    The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by…

  • CVE-2019-1010142 | Jul 19, 2019
    risk 0.00 | cvss | epss 0.03

    scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. Both work.

  • CVE-2018-17202 | May 6, 2019
    risk 0.00 | cvss | epss 0.02

    Certain input files could make the code enter an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

  • CVE-2017-18361 | Feb 1, 2019
    risk 0.00 | cvss | epss 0.02

    In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.

  • CVE-2018-17197 | Dec 24, 2018
    risk 0.00 | cvss | epss 0.06

    A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

  • CVE-2018-1000864 | Dec 10, 2018
    risk 0.00 | cvss | epss 0.03

    A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.

  • CVE-2018-18385 | Oct 16, 2018
    risk 0.00 | cvss | epss 0.02

    Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular…

  • CVE-2018-10938 | Med | Aug 27, 2018
    risk 0.00 | cvss 5.9 | epss 0.05

    A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A…

  • CVE-2018-1999012 | Med | Jul 23, 2018
    risk 0.00 | cvss 6.5 | epss 0.02

    FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in the pva format demuxer that can result in a vulnerability that allows attackers to consume an excessive amount of resources such as CPU and RAM. This attack appears to be…

  • CVE-2017-18261 | Med | Apr 19, 2018
    risk 0.00 | cvss 5.5 | epss 0.00

    The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario…

  • CVE-2017-18238 | Med | Mar 15, 2018
    risk 0.00 | cvss 5.5 | epss 0.01

    An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.