CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1058 vulnerabilities reference this CWE, most recent first.
GHSA-G6X2-39G4-M6XQ
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:36In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.
{
"affected": [],
"aliases": [
"CVE-2017-7745"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-12T23:59:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.",
"id": "GHSA-g6x2-39g4-m6xq",
"modified": "2025-04-20T03:36:01Z",
"published": "2022-05-13T01:47:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7745"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-20.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97627"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G7JQ-J257-RWW2
Vulnerability from github – Published: 2026-05-27 03:30 – Updated: 2026-07-01 18:04In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently unresponsive with increasing CPU and memory consumption. An authenticated attacker can systematically exhaust all proxy-server workers, resulting in denial of service. The defect was introduced in Swift 2.36.0.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "swift"
},
"ranges": [
{
"events": [
{
"introduced": "2.36.0"
},
{
"last_affected": "2.36.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "swift"
},
"ranges": [
{
"events": [
{
"introduced": "2.37.0"
},
{
"last_affected": "2.37.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49017"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T18:04:11Z",
"nvd_published_at": "2026-05-27T02:16:34Z",
"severity": "HIGH"
},
"details": "In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently unresponsive with increasing CPU and memory consumption. An authenticated attacker can systematically exhaust all proxy-server workers, resulting in denial of service. The defect was introduced in Swift 2.36.0.",
"id": "GHSA-g7jq-j257-rww2",
"modified": "2026-07-01T18:04:11Z",
"published": "2026-05-27T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49017"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/bugs/2152205"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/swift"
},
{
"type": "WEB",
"url": "https://review.opendev.org/c/openstack/swift/+/987957"
},
{
"type": "WEB",
"url": "https://review.opendev.org/c/openstack/swift/+/988093"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/27/9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/02/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"type": "CVSS_V4"
}
],
"summary": "OpenStack Swift: s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body"
}
GHSA-G85J-48PG-M4XC
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
{
"affected": [],
"aliases": [
"CVE-2018-10981"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-10T22:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.",
"id": "GHSA-g85j-48pg-m4xc",
"modified": "2022-05-13T01:48:59Z",
"published": "2022-05-13T01:48:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10981"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4201"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-262.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2018/05/08/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104149"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G925-QGM3-HC5P
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: prevent infinite loops caused by the next valid being the same
When processing valid within the range [valid : pos), if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, this can trigger a potential infinite loop, similar to the hung problem reported by syzbot [1].
Adding a check for the valid value within the loop body, and terminating the loop and returning -EINVAL if the value is the same as the current value, can prevent this.
[1] INFO: task syz.4.21:6056 blocked for more than 143 seconds. Call Trace: rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244 inode_lock include/linux/fs.h:1027 [inline] ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284
{
"affected": [],
"aliases": [
"CVE-2026-45864"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:16:58Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: prevent infinite loops caused by the next valid being the same\n\nWhen processing valid within the range [valid : pos), if valid cannot\nbe retrieved correctly, for example, if the retrieved valid value is\nalways the same, this can trigger a potential infinite loop, similar\nto the hung problem reported by syzbot [1].\n\nAdding a check for the valid value within the loop body, and terminating\nthe loop and returning -EINVAL if the value is the same as the current\nvalue, can prevent this.\n\n[1]\nINFO: task syz.4.21:6056 blocked for more than 143 seconds.\nCall Trace:\n rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244\n inode_lock include/linux/fs.h:1027 [inline]\n ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284",
"id": "GHSA-g925-qgm3-hc5p",
"modified": "2026-06-25T21:31:18Z",
"published": "2026-05-27T15:33:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45864"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27b75ca4e51e3e4554dc85dbf1a0246c66106fd3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50c822fcb36768f1fb356f05b02a2248ef81936d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d93239b4fc479f7c0a412dd196ec0ca2672d14a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71c8b966ec56e13c02388c1312910588bb49be7a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a47a2bb9aa6455d5cee1045814a60c749309c92b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b97e371e5d1c13d722335d46eb8bc1a22b272a0e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G97W-MW7G-V3JV
Vulnerability from github – Published: 2025-07-27 21:32 – Updated: 2025-07-28 15:36Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references.
Original Description
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "sequoia-openpgp"
},
"ranges": [
{
"events": [
{
"introduced": "1.13.0"
},
{
"fixed": "1.21.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-28T15:36:45Z",
"nvd_published_at": "2025-07-27T20:15:24Z",
"severity": "LOW"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references.\n\n### Original Description\nThe sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of \"Reading a cert: Invalid operation: Not a Key packet\" messages for RawCertParser operations that encounter an unsupported primary key type.",
"id": "GHSA-g97w-mw7g-v3jv",
"modified": "2025-07-28T15:36:45Z",
"published": "2025-07-27T21:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58261"
},
{
"type": "WEB",
"url": "https://crates.io/crates/sequoia-openpgp"
},
{
"type": "PACKAGE",
"url": "https://gitlab.com/sequoia-pgp/sequoia"
},
{
"type": "WEB",
"url": "https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0345.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp",
"withdrawn": "2025-07-28T15:36:45Z"
}
GHSA-G99M-3M46-4GM9
Vulnerability from github – Published: 2019-05-14 04:00 – Updated: 2021-08-03 21:31Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.sanselan:sanselan"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.97-incubator"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-17202"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2019-05-09T15:07:18Z",
"nvd_published_at": "2019-05-06T18:29:00Z",
"severity": "HIGH"
},
"details": "Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.",
"id": "GHSA-g99m-3m46-4gm9",
"modified": "2021-08-03T21:31:13Z",
"published": "2019-05-14T04:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17202"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/69204376d12205b0d2d90e6fcbeebb99b894e6db88c8ff565c4e1efa@%3Cdev.commons.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite Loop in Apache Sanselan"
}
GHSA-G9GF-WJCV-FPQ5
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.
{
"affected": [],
"aliases": [
"CVE-2017-18238"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-15T19:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.",
"id": "GHSA-g9gf-wjcv-fpq5",
"modified": "2022-05-13T01:44:38Z",
"published": "2022-05-13T01:44:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18238"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2048"
},
{
"type": "WEB",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102483"
},
{
"type": "WEB",
"url": "https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3668-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G9XF-7F8Q-9MCJ
Vulnerability from github – Published: 2026-07-09 21:09 – Updated: 2026-07-09 21:09Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer.
Patches
This has been fixed in pypdf==6.13.1.
Workarounds
If users cannot upgrade yet, consider applying the changes from PR #3839.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pypdf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54651"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-09T21:09:53Z",
"nvd_published_at": "2026-06-22T21:16:25Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer.\n\n### Patches\n\nThis has been fixed in [pypdf==6.13.1](https://github.com/py-pdf/pypdf/releases/tag/6.13.1).\n\n### Workarounds\n\nIf users cannot upgrade yet, consider applying the changes from PR [#3839](https://github.com/py-pdf/pypdf/pull/3839).",
"id": "GHSA-g9xf-7f8q-9mcj",
"modified": "2026-07-09T21:09:53Z",
"published": "2026-07-09T21:09:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-g9xf-7f8q-9mcj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54651"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/pull/3839"
},
{
"type": "PACKAGE",
"url": "https://github.com/py-pdf/pypdf"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.13.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "pypdf: Possible infinite loop when processing threads/articles in writer"
}
GHSA-GFH2-7JG5-653P
Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2021-05-20 16:29docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/appc/docker2aci"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-8579"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T16:29:42Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "docker2aci \u003c= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.",
"id": "GHSA-gfh2-7jg5-653p",
"modified": "2021-05-20T16:29:42Z",
"published": "2022-02-15T01:57:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8579"
},
{
"type": "WEB",
"url": "https://github.com/appc/docker2aci/issues/203"
},
{
"type": "WEB",
"url": "https://github.com/appc/docker2aci/pull/204/commits/54331ec7020e102935c31096f336d31f6400064f"
},
{
"type": "WEB",
"url": "https://github.com/appc/docker2aci/releases/tag/v0.13.0"
},
{
"type": "WEB",
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8579"
},
{
"type": "WEB",
"url": "https://www.securityfocus.com/bid/93560"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Denial of Service in docker2aci"
}
GHSA-GFVH-R99J-X28P
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).
{
"affected": [],
"aliases": [
"CVE-2020-9307"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-11T21:15:00Z",
"severity": "MODERATE"
},
"details": "Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).",
"id": "GHSA-gfvh-r99j-x28p",
"modified": "2022-05-24T17:41:54Z",
"published": "2022-05-24T17:41:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9307"
},
{
"type": "WEB",
"url": "https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view"
},
{
"type": "WEB",
"url": "https://www.belden.com/security"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.