Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1060 vulnerabilities reference this CWE, most recent first.

GHSA-8G7P-JF3G-GXCP

Vulnerability from github – Published: 2026-03-23 06:30 – Updated: 2026-03-29 15:51
VLAI
Summary
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs
Details

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jsrsasign"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-4598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-29T15:51:28Z",
    "nvd_published_at": "2026-03-23T06:16:21Z",
    "severity": "HIGH"
  },
  "details": "Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).",
  "id": "GHSA-8g7p-jf3g-gxcp",
  "modified": "2026-03-29T15:51:28Z",
  "published": "2026-03-23T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/pull/648"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kjur/jsrsasign"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs"
}

GHSA-8G9J-VP2C-MG7R

Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52
VLAI
Details

The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5253"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-05T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.",
  "id": "GHSA-8g9j-vp2c-mg7r",
  "modified": "2022-05-13T01:52:45Z",
  "published": "2022-05-13T01:52:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5253"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/233"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8H93-38HX-VV92

Vulnerability from github – Published: 2025-06-07 09:30 – Updated: 2025-06-09 15:31
VLAI
Details

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop.

There is no other way for the application to escape or exit this loop other than killing the thread/process.

This might be used to DoS libcurl-using application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-07T08:15:20Z",
    "severity": "HIGH"
  },
  "details": "Due to a mistake in libcurl\u0027s WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.",
  "id": "GHSA-8h93-38hx-vv92",
  "modified": "2025-06-09T15:31:41Z",
  "published": "2025-06-07T09:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5399"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3168039"
    },
    {
      "type": "WEB",
      "url": "https://curl.se/docs/CVE-2025-5399.html"
    },
    {
      "type": "WEB",
      "url": "https://curl.se/docs/CVE-2025-5399.json"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/06/04/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8H9F-G8Q9-87R3

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-14T07:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop.",
  "id": "GHSA-8h9f-g8q9-87r3",
  "modified": "2022-05-13T01:50:29Z",
  "published": "2022-05-13T01:50:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17042"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bcsanches/dbf2txt/issues/2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grandnew/software-vulnerabilities/tree/master/dbf2txt#infinite-loop"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8J7J-8W2R-72PQ

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2023-02-03 00:30
VLAI
Details

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-10T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR \u003c 78.1, Firefox \u003c 79, and Thunderbird \u003c 78.1.",
  "id": "GHSA-8j7j-8w2r-72pq",
  "modified": "2023-02-03T00:30:18Z",
  "published": "2022-05-24T17:25:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15654"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1648333"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4443-1"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-30"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-32"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-33"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8J7Q-4Q44-6HPF

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-27T12:29:00Z",
    "severity": "HIGH"
  },
  "details": "The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.",
  "id": "GHSA-8j7q-4q44-6hpf",
  "modified": "2022-05-13T01:47:51Z",
  "published": "2022-05-13T01:47:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9222"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jun/32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M8H-XWP6-PGJF

Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-18 18:32
VLAI
Details

eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-63829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-18T17:16:12Z",
    "severity": "MODERATE"
  },
  "details": "eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.",
  "id": "GHSA-8m8h-xwp6-pgjf",
  "modified": "2025-11-18T18:32:54Z",
  "published": "2025-11-18T18:32:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63829"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/lkloliver/b00377bec754d4aa1dc731be210d5889"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eProsima/Fast-DDS/blob/master/src/cpp/fastdds/core/Time_t.cpp#L67"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M9G-647G-5PXW

Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2021-05-07 16:04
VLAI
Summary
Infinite loop in Yubico yubihsm-connector
Details

An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/Yubico/yubihsm-connector"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-28484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-07T16:04:45Z",
    "nvd_published_at": "2021-04-14T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.",
  "id": "GHSA-8m9g-647g-5pxw",
  "modified": "2021-05-07T16:04:45Z",
  "published": "2022-02-15T01:57:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28484"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yubico/yubihsm-connector/commit/82bdf202c53460bac9106cc9b4b34a0a16cae0ed"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yubico/yubihsm-connector/releases"
    },
    {
      "type": "WEB",
      "url": "https://www.yubico.com/support/security-advisories/ysa-2021-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Infinite loop in Yubico yubihsm-connector"
}

GHSA-8MMP-C685-53VW

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-08-05 00:00
VLAI
Details

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-11T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
  "id": "GHSA-8mmp-c685-53vw",
  "modified": "2022-08-05T00:00:28Z",
  "published": "2022-05-24T17:44:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8MVJ-3J78-4QMW

Vulnerability from github – Published: 2025-08-26 16:19 – Updated: 2025-09-10 21:07
VLAI
Summary
jsPDF Denial of Service (DoS)
Details

Impact

User control of the first argument of the addImage method results in CPU utilization and denial of service.

If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service.

Other affected methods are: html.

Example payload:

import { jsPDF } from "jspdf" 

const payload = new Uint8Array([117, 171, 90, 253, 166, 154, 105, 166, 154])

const doc = new jsPDF();
const startTime = performance.now();
try {
  doc.addImage(payload, "PNG", 10, 40, 180, 180, undefined, "SLOW");
} finally {
  const endTime = performance.now();
  console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`);
}

Patches

The vulnerability was fixed in jsPDF 3.0.2. Upgrade to jspdf@>=3.0.2.

In jspdf@>=3.0.2, invalid PNG files throw an Error instead of causing very long running loops.

Workarounds

Sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.

Credits

Researcher: Aleksey Solovev (Positive Technologies)

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "jspdf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-57810"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-26T16:19:04Z",
    "nvd_published_at": "2025-08-26T16:15:37Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nUser control of the first argument of the addImage method results in CPU utilization and denial of service.\n\nIf given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service.\n\nOther affected methods are: `html`.\n\nExample payload:\n\n```js\nimport { jsPDF } from \"jspdf\" \n\nconst payload = new Uint8Array([117, 171, 90, 253, 166, 154, 105, 166, 154])\n\nconst doc = new jsPDF();\nconst startTime = performance.now();\ntry {\n  doc.addImage(payload, \"PNG\", 10, 40, 180, 180, undefined, \"SLOW\");\n} finally {\n  const endTime = performance.now();\n  console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`);\n}\n```\n\n### Patches\nThe vulnerability was fixed in jsPDF 3.0.2. Upgrade to jspdf@\u003e=3.0.2.\n\nIn jspdf@\u003e=3.0.2, invalid PNG files throw an Error instead of causing very long running loops.\n\n### Workarounds\nSanitize image data or URLs before passing it to the addImage method or one of the other affected methods.\n\n### Credits\nResearcher: Aleksey Solovev (Positive Technologies)",
  "id": "GHSA-8mvj-3j78-4qmw",
  "modified": "2025-09-10T21:07:04Z",
  "published": "2025-08-26T16:19:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parallax/jsPDF/pull/3880"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parallax/jsPDF"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "jsPDF Denial of Service (DoS)"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.