CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Base | Incomplete

Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (456)

page 8 of 23
  • CVE-2024-30172 | High | May 14, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

  • CVE-2024-32650 | High | Apr 19, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a `close_notify` message immediately after `client_hello`, the server's…

  • CVE-2024-24786 | High | Mar 5, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

  • CVE-2022-27781 | High | Jun 2, 2022
    risk 0.42 | cvss 7.5 | epss 0.02

    libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to…

  • CVE-2022-0778 | High | Mar 15, 2022
    risk 0.42 | cvss 7.5 | epss 0.71

    The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic…

  • CVE-2018-6977 | Medium | Oct 9, 2018
    risk 0.42 | cvss 6.5 | epss 0.00

    VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to…

  • CVE-2018-18024 | Medium | Oct 7, 2018
    risk 0.42 | cvss 6.5 | epss 0.03

    In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

  • CVE-2018-16646 | Medium | Sep 6, 2018
    risk 0.42 | cvss 6.5 | epss 0.03

    In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

  • CVE-2018-14445 | Medium | Jul 20, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file.

  • CVE-2018-14347 | Medium | Jul 17, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).

  • CVE-2017-18273 | Medium | May 18, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.

  • CVE-2017-18271 | Medium | May 18, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.

  • CVE-2018-10981 | Medium | May 10, 2018
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.

  • CVE-2018-7751 | Medium | Apr 24, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

  • CVE-2018-1000075 | High | Mar 13, 2018
    risk 0.42 | cvss 7.5 | epss 0.05

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar…

  • CVE-2018-5685 | Medium | Jan 14, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.

  • CVE-2017-17681 | Medium | Dec 14, 2017
    risk 0.42 | cvss 6.5 | epss 0.03

    In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

  • CVE-2017-17044 | Medium | Nov 28, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.

  • CVE-2017-16932 | High | Nov 23, 2017
    risk 0.42 | cvss 7.5 | epss 0.06

    parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

  • CVE-2017-14741 | Medium | Sep 26, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.