Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1057 vulnerabilities reference this CWE, most recent first.

GHSA-X43J-M68C-2QXF

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2025-11-04 21:30
VLAI
Details

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-11T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.",
  "id": "GHSA-x43j-m68c-2qxf",
  "modified": "2025-11-04T21:30:26Z",
  "published": "2022-05-24T19:17:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42260"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/tinyxml/bugs/141"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4FC-X944-V9P7

Vulnerability from github – Published: 2022-03-03 00:00 – Updated: 2022-03-17 00:04
VLAI
Details

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0711"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-02T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the way HAProxy processed HTTP responses containing the \"Set-Cookie2\" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.",
  "id": "GHSA-x4fc-x944-v9p7",
  "modified": "2022-03-17T00:04:06Z",
  "published": "2022-03-03T00:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0711"
    },
    {
      "type": "WEB",
      "url": "https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2022-0711"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5102"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/haproxy@formilux.org/msg41833.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X5VR-48JX-H8WP

Vulnerability from github – Published: 2023-02-07 21:30 – Updated: 2023-02-16 15:30
VLAI
Details

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-07T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.",
  "id": "GHSA-x5vr-48jx-h8wp",
  "modified": "2023-02-16T15:30:30Z",
  "published": "2023-02-07T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46285"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160092"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.x.org/archives/xorg-announce/2023-January/003312.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X76G-P4RM-4XCH

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18
VLAI
Details

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42715"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-21T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.",
  "id": "GHSA-x76g-p4rm-4xch",
  "modified": "2022-05-24T19:18:26Z",
  "published": "2022-05-24T19:18:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42715"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nothings/stb/issues/1224"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nothings/stb/pull/1223"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X78Q-89F4-5W3C

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:36
VLAI
Details

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-12T23:59:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.",
  "id": "GHSA-x78q-89f4-5w3c",
  "modified": "2025-04-20T03:36:01Z",
  "published": "2022-05-13T01:47:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7701"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13557"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=fa31f69b407436d0946f84baa0acdcc50962bf7a"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=fa31f69b407436d0946f84baa0acdcc50962bf7a"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201706-12"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2017-16.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97632"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038262"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X7VR-C387-8W57

Vulnerability from github – Published: 2021-08-25 21:01 – Updated: 2023-06-13 18:21
VLAI
Summary
Integer Overflow/Infinite Loop in the http crate
Details

HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficiently large number in release mode.

If the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).

The flaw was corrected in 0.1.20 release of http crate.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "http"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-25574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-26T18:47:31Z",
    "nvd_published_at": "2020-09-14T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficiently large number in release mode.\n\nIf the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).\n\nThe flaw was corrected in 0.1.20 release of http crate.",
  "id": "GHSA-x7vr-c387-8w57",
  "modified": "2023-06-13T18:21:10Z",
  "published": "2021-08-25T21:01:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25574"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperium/http/issues/352"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hyperium/http"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2019-0033.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Integer Overflow/Infinite Loop in the http crate"
}

GHSA-X8GX-VM44-MV77

Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-18 06:30
VLAI
Details

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33239"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-15T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
  "id": "GHSA-x8gx-vm44-mv77",
  "modified": "2022-11-18T06:30:28Z",
  "published": "2022-11-15T12:00:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33239"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8W5-J8FH-HPVP

Vulnerability from github – Published: 2026-03-07 09:30 – Updated: 2026-03-09 15:30
VLAI
Details

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-07T09:16:07Z",
    "severity": "HIGH"
  },
  "details": "It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).",
  "id": "GHSA-x8w5-j8fh-hpvp",
  "modified": "2026-03-09T15:30:43Z",
  "published": "2026-03-07T09:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2219"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/1129722"
    },
    {
      "type": "WEB",
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9MM-6GPF-F749

Vulnerability from github – Published: 2022-05-17 03:00 – Updated: 2022-07-06 20:59
VLAI
Summary
Loop with Unreachable Exit Condition in Apache POI
Details

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.poi:poi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-9527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:59:38Z",
    "nvd_published_at": "2015-01-06T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.",
  "id": "GHSA-x9mm-6gpf-f749",
  "modified": "2022-07-06T20:59:38Z",
  "published": "2022-05-17T03:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9527"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:1135"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=57272"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150228.html"
    },
    {
      "type": "WEB",
      "url": "http://poi.apache.org/changes.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61953"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996759"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Loop with Unreachable Exit Condition in Apache POI"
}

GHSA-XC76-5PF9-MX8M

Vulnerability from github – Published: 2025-03-14 17:31 – Updated: 2025-03-15 20:47
VLAI
Summary
In Azle, calling `setTimer` causes infinite loop of timers
Details

Impact

Calling setTimer in Azle versions 0.27.0, 0.28.0, and 0.29.0 causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer.

The infinite loop will occur with any valid invocation of setTimer.

Patches

The problem has been fixed as of Azle version 0.30.0.

Workarounds

If a canister is caught in this infinite loop after calling setTimer, the canister can be upgraded and the timers will all be cleared, thus ending the loop.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "azle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.27.0"
            },
            {
              "fixed": "0.30.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-29776"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-14T17:31:07Z",
    "nvd_published_at": "2025-03-14T14:15:18Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nCalling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer.\n\nThe infinite loop will occur with any valid invocation of `setTimer`.\n\n### Patches\n\nThe problem has been fixed as of Azle version `0.30.0`.\n\n### Workarounds\n\nIf a canister is caught in this infinite loop after calling `setTimer`, the canister can be upgraded and the timers will all be cleared, thus ending the loop.",
  "id": "GHSA-xc76-5pf9-mx8m",
  "modified": "2025-03-15T20:47:15Z",
  "published": "2025-03-14T17:31:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/demergent-labs/azle/security/advisories/GHSA-xc76-5pf9-mx8m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29776"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/demergent-labs/azle"
    },
    {
      "type": "WEB",
      "url": "https://github.com/demergent-labs/azle/releases/tag/0.30.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "In Azle, calling `setTimer` causes infinite loop of timers"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.