CWE-835: Loop with Unreachable Exit Condition (Infinite Loop)
686 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-835 (page 1 of 14)
- CVE-2004-0748 | NONE | CVSS 0.0 | EG 0.0 | 2004-10-20
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
- CVE-2004-0753 | NONE | CVSS 0.0 | EG 0.0 | 2004-10-20
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
- CVE-2005-0851 | NONE | CVSS 0.0 | EG 0.0 | 2005-05-02
FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings.
- CVE-2005-2224 | NONE | CVSS 0.0 | EG 0.0 | 2005-07-12
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
- CVE-2006-6499 | NONE | CVSS 0.0 | EG 0.0 | 2006-12-20
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote…
- CVE-2009-1270 | NONE | CVSS 0.0 | EG 0.0 | 2009-04-08
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
- CVE-2009-2906 | NONE | CVSS 0.0 | EG 0.0 | 2009-10-07
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
- CVE-2010-0207 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-10-30
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
- CVE-2010-1282 | MEDIUM | CVSS 6.5 | EG 6.5 | 2010-05-13
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.
- CVE-2010-3880 | NONE | CVSS 0.0 | EG 0.0 | 2010-12-10
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlin…
- CVE-2011-1002 | NONE | CVSS 0.0 | EG 0.0 | 2011-02-22
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an …
- CVE-2011-1142 | HIGH | CVSS 7.5 | EG 7.5 | 2011-03-03
Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involvi…
- CVE-2011-1474 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-12-26
A locally exploitable DoS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap…
- CVE-2011-2213 | NONE | CVSS 0.0 | EG 0.0 | 2011-08-29
The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_…
- CVE-2011-4621 | MEDIUM | CVSS 5.5 | EG 5.5 | 2012-05-17
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.
- CVE-2012-0248 | MEDIUM | CVSS 5.5 | EG 5.5 | 2012-06-05
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IFD.
- CVE-2012-1186 | MEDIUM | CVSS 5.5 | EG 5.5 | 2012-06-05
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnera…
- CVE-2013-10005 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-27
The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.
- CVE-2013-2789 | NONE | CVSS 0.0 | EG 0.0 | 2013-08-22
The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physicall…
- CVE-2013-3722 | HIGH | CVSS 7.5 | EG 7.5 | 2020-02-17
A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.
- CVE-2013-7488 | HIGH | CVSS 7.5 | EG 7.5 | 2020-04-07
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.
- CVE-2014-0148 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-09-29
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to …
- CVE-2014-8561 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-12-15
ImageMagick 6.8.9.6 has a remote DoS via an infinite loop.
- CVE-2015-10103 | LOW | CVSS 2.8 | EG 2.8 | 2023-04-17
A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infi…
- CVE-2015-5239 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-01-23
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
- CVE-2015-5278 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-01-23
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
- CVE-2015-5694 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-11-22
Designate does not enforce the DNS protocol limit concerning record set sizes.
- CVE-2015-6815 | LOW | CVSS 3.5 | EG 3.5 | 2020-01-31
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via…
- CVE-2016-9581 | LOW | CVSS 3.3 | EG 8.8 | 2018-08-01
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
- CVE-2017-12412 | HIGH | CVSS 7.8 | EG 7.8 | 2018-02-07
ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.
- CVE-2017-12626 | HIGH | CVSS 7.5 | EG 7.5 | 2018-01-29
Apache POI versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DO…
- CVE-2017-13191 | HIGH | CVSS 7.5 | EG 7.5 | 2018-01-12
In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User i…
- CVE-2017-13192 | HIGH | CVSS 7.5 | EG 7.5 | 2018-01-12
In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no add…
- CVE-2017-13193 | HIGH | CVSS 7.5 | EG 7.5 | 2018-01-12
In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no…
- CVE-2017-13195 | HIGH | CVSS 7.5 | EG 7.5 | 2018-01-12
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical s…
- CVE-2017-13313 | MEDIUM | CVSS 6.5 | EG 7.5 | 2024-11-15
In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional executi…
- CVE-2017-15835 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-12-07
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop m…
- CVE-2017-17131 | MEDIUM | CVSS 5.7 | EG 5.7 | 2018-03-05
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have a DoS vulnerability due to insufficient validation of the param…
- CVE-2017-17150 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-03-09
Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a DoS v…
- CVE-2017-18183 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-02-13
An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
- CVE-2017-18186 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-02-13
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
- CVE-2017-18208 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-03-01
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
- CVE-2017-18233 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-03-15
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.
- CVE-2017-18236 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-03-15
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.
- CVE-2017-18238 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-03-15
An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data …
- CVE-2017-18261 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-04-19
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circum…
- CVE-2017-18267 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-05-10
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
- CVE-2017-18271 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-05-18
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
- CVE-2017-18273 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-05-18
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mis…
- CVE-2017-18277 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-10-23
When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9…