CVEbaza.plSłownik CWECWE-835
Common Weakness Enumeration

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Kategoria: BaseCVE: 981
Opis

Produkt zawiera iterację lub pętlę z warunkiem wyjścia, który nie może być osiągnięty, czyli nieskończoną pętlę. Taka pętla nigdy się nie zakończy, co prowadzi do zawieszenia się programu lub niepotrzebnego zużycia zasobów.

Description (EN)

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Podatności CVE z CWE-835 (981)
10.0
CVSS
CRITICAL
CVE-2026-24816

Podatność nieskończonej pętli (infinite loop) w projekcie datavane TIS pozwala nieuwierzytelnionemu atakującemu zdalnie doprowadzić do niedostępności komponentów aplikacji. Ocena CVSS 10.0 czyni ją podatnością krytyczną wymagającą pilnego działania.

pub. 2026-01-27
9.8
CVSS
CRITICAL
CVE-2019-19307

An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.

pub. 2019-11-26
9.8
CVSS
CRITICAL
CVE-2018-20784

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.

pub. 2019-02-22
9.8
CVSS
CRITICAL
CVE-2017-12990

The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.

pub. 2017-09-14
9.8
CVSS
CRITICAL
CVE-2017-12995

The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().

pub. 2017-09-14
9.8
CVSS
CRITICAL
CVE-2017-12997

The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print().

pub. 2017-09-14
9.4
CVSS
CRITICAL
CVE-2026-31448

Podatność w systemie plików ext4 jądra Linux powoduje nieskończoną pętlę oraz blokadę procesu na ponad 143 sekundy w wyniku nieprawidłowego zarządzania fizycznymi blokami po błędzie wstawiania ekstentu. Jest groźna, ponieważ prowadzi do poważnego naruszenia integralności metadanych oraz odmowy dostępu do zasobów systemu plików.

pub. 2026-04-22
9.2
CVSS
CRITICAL
CVE-2026-24803

Podatność klasy CWE-835 (Loop with Unreachable Exit Condition) w projekcie lede powoduje nieskończoną pętlę w module obsługi zabezpieczeń sterownika WiFi mt7615d. Może ją wywołać zdalny, nieuwierzytelniony atakujący, doprowadzając do całkowitej niedostępności systemu.

pub. 2026-01-27
9.2
CVSS
CRITICAL
CVE-2026-24804

Podatność typu CWE-835 (Loop with Unreachable Exit Condition) w projekcie lede powoduje możliwość wprowadzenia systemu w nieskończoną pętlę poprzez sieć. Ze względu na brak możliwości wyjścia z pętli, skutkuje to całkowitą niedostępnością usługi (DoS) zarówno na poziomie urządzenia, jak i sieci.

pub. 2026-01-27
9.1
CVSS
CRITICAL
CVE-2021-42143

W bibliotece tinyDTLS wchodzącej w skład projektu Contiki-NG wykryto błąd powodujący nieskończoną pętlę podczas obsługi komunikatu ClientHello w handshake DTLS. Podatność pozwala zdalnym atakującym bez uwierzytelnienia na wywołanie odmowy usługi (DoS) oraz potencjalne ujawnienie wrażliwych danych z pamięci.

pub. 2024-01-24
8.8
CVSS
HIGH
CVE-2018-8002

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

pub. 2018-03-09
8.7
CVSS
HIGH
CVE-2025-71329

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.

pub. 2026-06-10
8.7
CVSS
HIGH
CVE-2025-71330

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.

pub. 2026-06-10
8.7
CVSS
HIGH
CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.

pub. 2026-06-09
8.7
CVSS
HIGH
CVE-2026-46385

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 / arm64 targets — so a producer can declare a block of up to math.MaxInt64 (~9.2 × 10¹⁸) elements followed by EOF (or any truncated payload), and the decoder will attempt that many no-op iterations before propagating the error. The realistic ceiling is "indefinite until the worker is killed externally" — a single hostile payload pins a CPU core until the process is OOM-killed, deadline-cancelled, or terminated. Remote, unauthenticated denial-of-service. This vulnerability is fixed in 2.33.0.

pub. 2026-05-29
8.7
CVSS
HIGH
CVE-2026-47066

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward progress. When parse_token/2 receives a non-token, non-whitespace, non-comma byte (e.g. !, @, =, ;), it returns the input unchanged. skip_comma/1 also returns the buffer unchanged when the first byte is not a comma. parse_entries/2 then recurses with identical data, creating a tight infinite tail-recursive loop that pins a scheduler at 100% CPU. The calling process never returns. The entry point parse_and_cache/3 is called synchronously in the connection process on every HTTP response. A single-byte Alt-Svc: ! response header is sufficient to trigger the hang; the header is fully controlled by any HTTP origin the client connects to. This issue affects hackney: from 2.0.0-beta.1 before 4.0.1.

pub. 2026-05-25
8.7
CVSS
HIGH
CVE-2026-39806

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is followed immediately by the empty trailer line \r\n. RFC 9112 §7.1.2 permits zero or more trailer fields between them. When trailers are present, none of the match clauses fit: the catch-all arm computes a negative to_read, calls read_available!/2, receives <<>> on timeout, and tail-recurses with unchanged state. The worker process is pinned for the lifetime of the TCP connection. A handful of concurrent connections sending RFC-conformant chunked requests with trailer fields is sufficient to exhaust the Bandit worker pool and render the server unresponsive to all further traffic. No authentication, special headers, or large payload is required. Proxies such as NGINX and HAProxy legitimately forward trailer-bearing requests, so servers behind such proxies may be affected without any malicious client involvement. This issue affects bandit: from 1.6.1 before 1.11.1.

pub. 2026-05-13
8.7
CVSS
HIGH
CVE-2026-42920

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

pub. 2026-05-13
8.7
CVSS
HIGH
CVE-2026-41680

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline (\x09\x0b\n)—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocation, causing the host Node.js application to crash via Memory Exhaustion (OOM). This vulnerability is fixed in 18.0.2.

pub. 2026-04-24
8.7
CVSS
HIGH
CVE-2026-41146

facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value starting with `i` or `I`. The process spins in user space and pegs one CPU core at ~100% instead of returning a parse error. Because `iodine` vendors the same parser code, the issue also affects `iodine` when it parses attacker-controlled JSON. The smallest reproducer I found is `[i`. The quoted-value form that originally exposed the issue, `[""i`, reaches the same bug because the parser tolerates missing commas and then treats the trailing `i` as the start of another value. Commit 5128747363055201d3ecf0e29bf0a961703c9fa0 fixes the issue.

pub. 2026-04-22
Pokazano 20 z 981 podatności
Informacje
ID: CWE-835
Typ: Base
Podatności: 981
MITRE CWE ↗
← Słownik CWE