VYPR

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Base | Incomplete

Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (456)

  • CVE-2015-7850 | Med | Aug 7, 2017
    risk 0.43 | cvss 6.5 | epss 0.05

    ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.

  • CVE-2017-9461 | Med | Jun 6, 2017
    risk 0.43 | cvss 6.5 | epss 0.04

    smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

  • CVE-2025-71319 | Hig | Jun 9, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite…

  • CVE-2026-47066 | Hig | May 25, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward progress. When parse_token/2 receives a non-token, non-whitespace,…

  • CVE-2026-32739 | Med | May 19, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no…

  • CVE-2026-42781 | Med | May 13, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support…

  • CVE-2026-39806 | Hig | May 13, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the…

  • CVE-2026-42899 | Hig | May 12, 2026
    risk 0.42 | cvss 7.5 | epss 0.02

    Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

  • CVE-2026-33814 | Hig | May 7, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

  • CVE-2026-41680 | Hig | Apr 24, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence, a tab, a vertical tab, and a newline (\x09\x0b\n), an unauthenticated attacker can trigger an…

  • CVE-2026-31552 | Hig | Apr 24, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Since upstream commit e75665dd0968 ("wifi: wlcore: ensure skb headroom before skb_push"), wl1271_tx_allocate() and with it…

  • CVE-2026-33116 | Hig | Apr 14, 2026
    risk 0.42 | cvss 7.5 | epss 0.02

    Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

  • CVE-2026-23451 | Hig | Apr 3, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_parse() can loop if a stack of two bonding devices is set up, because skb->dev always points to the hierarchy top. Add new "const…

  • CVE-2026-33891 | Hig | Mar 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from…

  • CVE-2026-33699 | Hig | Mar 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot…

  • CVE-2026-32287 | Hig | Mar 26, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".

  • CVE-2026-32873 | Hig | Mar 20, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handle_trailers function where rejected trailer headers (forbidden or undeclared) cause an infinite loop. When handle_trailers encounters such a trailer, three code paths (lines 520, 523, 526) recurse…

  • CVE-2026-4111 | Hig | Mar 13, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents…

  • CVE-2025-8194 | Hig | Jul 28, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of…

  • CVE-2025-3857 | Hig | Apr 21, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite…