CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Description
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (456)
page 8 of 23| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-30172 | Hig | 0.42 | 7.5 | 0.01 | May 14, 2024 | An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key. | ||
| CVE-2024-32650 | Hig | 0.42 | 7.5 | 0.01 | Apr 19, 2024 | Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's… | ||
| CVE-2024-24786 | Hig | 0.42 | 7.5 | 0.01 | Mar 5, 2024 | The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | ||
| CVE-2022-27781 | Hig | 0.42 | 7.5 | 0.02 | Jun 2, 2022 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to… | ||
| CVE-2022-0778 | Hig | 0.42 | 7.5 | 0.71 | Mar 15, 2022 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic… | ||
| CVE-2018-6977 | Med | 0.42 | 6.5 | 0.00 | Oct 9, 2018 | VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to… | ||
| CVE-2018-18024 | Med | 0.42 | 6.5 | 0.03 | Oct 7, 2018 | In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | ||
| CVE-2018-16646 | Med | 0.42 | 6.5 | 0.03 | Sep 6, 2018 | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. | ||
| CVE-2018-14445 | Med | 0.42 | 6.5 | 0.01 | Jul 20, 2018 | In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file. | ||
| CVE-2018-14347 | Med | 0.42 | 6.5 | 0.02 | Jul 17, 2018 | GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). | ||
| CVE-2017-18273 | Med | 0.42 | 6.5 | 0.02 | May 18, 2018 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. | ||
| CVE-2017-18271 | Med | 0.42 | 6.5 | 0.02 | May 18, 2018 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. | ||
| CVE-2018-10981 | Med | 0.42 | 6.5 | 0.00 | May 10, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | ||
| CVE-2018-7751 | Med | 0.42 | 6.5 | 0.02 | Apr 24, 2018 | The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. | ||
| CVE-2018-1000075 | — | Hig | 0.42 | 7.5 | 0.05 | Mar 13, 2018 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar… | |
| CVE-2018-5685 | Med | 0.42 | 6.5 | 0.02 | Jan 14, 2018 | In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. | ||
| CVE-2017-17681 | Med | 0.42 | 6.5 | 0.03 | Dec 14, 2017 | In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | ||
| CVE-2017-17044 | Med | 0.42 | 6.5 | 0.00 | Nov 28, 2017 | An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | ||
| CVE-2017-16932 | Hig | 0.42 | 7.5 | 0.06 | Nov 23, 2017 | parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. | ||
| CVE-2017-14741 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2017 | The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. |
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
- risk 0.42cvss 7.5epss 0.01
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's…
- risk 0.42cvss 7.5epss 0.01
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
- risk 0.42cvss 7.5epss 0.02
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to…
- risk 0.42cvss 7.5epss 0.71
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic…
- risk 0.42cvss 6.5epss 0.00
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to…
- risk 0.42cvss 6.5epss 0.03
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
- risk 0.42cvss 6.5epss 0.03
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
- risk 0.42cvss 6.5epss 0.01
In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file.
- risk 0.42cvss 6.5epss 0.02
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
- risk 0.42cvss 6.5epss 0.02
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
- risk 0.42cvss 7.5epss 0.05
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar…
- risk 0.42cvss 6.5epss 0.02
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
- risk 0.42cvss 6.5epss 0.03
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
- risk 0.42cvss 7.5epss 0.06
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
- risk 0.42cvss 6.5epss 0.01
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.