CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
BaseIncomplete
Description
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (219)
page 3 of 11| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15871 | Hig | 0.49 | 7.5 | 0.00 | Oct 24, 2017 | The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file | |
| CVE-2017-15602 | Hig | 0.49 | 7.5 | 0.00 | Oct 18, 2017 | In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. | |
| CVE-2017-14929 | Hig | 0.49 | 7.5 | 0.00 | Sep 30, 2017 | In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | |
| CVE-2017-14339 | Hig | 0.49 | 7.5 | 0.01 | Sep 20, 2017 | The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive. | |
| CVE-2017-14519 | Hig | 0.49 | 7.5 | 0.00 | Sep 17, 2017 | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | |
| CVE-2017-12989 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2017 | The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). | |
| CVE-2017-14229 | Hig | 0.49 | 7.5 | 0.01 | Sep 9, 2017 | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | |
| CVE-2017-13767 | Hig | 0.49 | 7.5 | 0.00 | Aug 30, 2017 | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | |
| CVE-2017-13728 | Hig | 0.49 | 7.5 | 0.00 | Aug 29, 2017 | There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-12852 | Hig | 0.49 | 7.5 | 0.01 | Aug 15, 2017 | The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack. | |
| CVE-2017-9233 | Hig | 0.49 | 7.5 | 0.00 | Jul 25, 2017 | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | |
| CVE-2017-11410 | Hig | 0.49 | 7.5 | 0.00 | Jul 18, 2017 | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. | |
| CVE-2017-11406 | Hig | 0.49 | 7.5 | 0.01 | Jul 18, 2017 | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. | |
| CVE-2017-10986 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | |
| CVE-2017-10985 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. | |
| CVE-2017-9023 | Hig | 0.49 | 7.5 | 0.01 | Jun 8, 2017 | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. | |
| CVE-2017-9358 | Hig | 0.49 | 7.5 | 0.01 | Jun 2, 2017 | A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | |
| CVE-2017-9352 | Hig | 0.49 | 7.5 | 0.01 | Jun 2, 2017 | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. | |
| CVE-2017-9349 | Hig | 0.49 | 7.5 | 0.01 | Jun 2, 2017 | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | |
| CVE-2017-9346 | Hig | 0.49 | 7.5 | 0.01 | Jun 2, 2017 | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. |