CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1057 vulnerabilities reference this CWE, most recent first.
GHSA-QVJG-2VFM-53C7
Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 00:38A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.
{
"affected": [],
"aliases": [
"CVE-2026-10028"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T23:16:44Z",
"severity": "MODERATE"
},
"details": "A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.",
"id": "GHSA-qvjg-2vfm-53c7",
"modified": "2026-05-29T00:38:34Z",
"published": "2026-05-29T00:38:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10028"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-10028"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465152"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/glib-networking/-/work_items/231"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-QW99-33WH-XP55
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
{
"affected": [],
"aliases": [
"CVE-2017-14933"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-30T01:29:00Z",
"severity": "MODERATE"
},
"details": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.",
"id": "GHSA-qw99-33wh-xp55",
"modified": "2025-04-20T03:46:06Z",
"published": "2022-05-13T01:43:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14933"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-17"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22210"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=33e0a9a056bd23e923b929a4f2ab049ade0b1c32"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101203"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QX86-33WW-3474
Vulnerability from github – Published: 2023-11-01 12:30 – Updated: 2023-11-01 12:30Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".
{
"affected": [],
"aliases": [
"CVE-2023-1718"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-01T10:15:09Z",
"severity": "HIGH"
},
"details": "\nImproper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted \"tmp_url\".\n\n\n\n\n\n",
"id": "GHSA-qx86-33ww-3474",
"modified": "2023-11-01T12:30:19Z",
"published": "2023-11-01T12:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1718"
},
{
"type": "WEB",
"url": "https://starlabs.sg/advisories/23/23-1718"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QXMF-M5MX-7VX7
Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS).
On SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC.
This issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue.
This issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC:
- all versions before 21.2R3-S10,
- from 21.4 before 21.4R3-S12,
- from 22.4 before 22.4R3-S8,
- from 23.2 before 23.2R2-S5,
- from 23.4 before 23.4R2-S6,
- from 24.2 before 24.2R2-S3,
- from 24.4 before 24.4R2-S1,
- from 25.2 before 25.2R1-S1, 25.2R2.
{
"affected": [],
"aliases": [
"CVE-2026-21905"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-15T21:16:05Z",
"severity": "HIGH"
},
"details": "A Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS).\n\nOn SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC.\n\nThis issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue.\n\nThis issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC:\n\n\n\n * all versions before 21.2R3-S10,\u00a0\n * from 21.4 before 21.4R3-S12,\u00a0\n * from 22.4 before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S5,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2-S1,\u00a0\n * from 25.2 before 25.2R1-S1, 25.2R2.",
"id": "GHSA-qxmf-m5mx-7vx7",
"modified": "2026-01-15T21:31:48Z",
"published": "2026-01-15T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21905"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA106004"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA106004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-QXWX-HR5V-H5Q4
Vulnerability from github – Published: 2026-07-03 09:31 – Updated: 2026-07-07 18:30An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can continuously stream empty datagrams to indefinitely stall the client.
{
"affected": [],
"aliases": [
"CVE-2026-11352"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T07:16:23Z",
"severity": "HIGH"
},
"details": "An issue in curl\u2019s QUIC UDP receive function allows a malicious HTTP/3 server\nto trigger a remote denial of service against a curl or libcurl client.\nBecause the helper function discards zero-length UDP datagrams before counting\nthem toward the per-call packet budget, a connected QUIC peer can continuously\nstream empty datagrams to indefinitely stall the client.",
"id": "GHSA-qxwx-hr5v-h5q4",
"modified": "2026-07-07T18:30:33Z",
"published": "2026-07-03T09:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11352"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3783438"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2026-11352.html"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2026-11352.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R2HQ-55RV-R3G7
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2017-2909"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-07T16:29:00Z",
"severity": "HIGH"
},
"details": "An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.",
"id": "GHSA-r2hq-55rv-r3g7",
"modified": "2022-05-13T01:01:13Z",
"published": "2022-05-13T01:01:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2909"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R4V2-QG7M-3XRH
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook.
{
"affected": [],
"aliases": [
"CVE-2021-27565"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-19T12:15:00Z",
"severity": "HIGH"
},
"details": "The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook.",
"id": "GHSA-r4v2-qg7m-3xrh",
"modified": "2022-05-24T19:11:41Z",
"published": "2022-05-24T19:11:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27565"
},
{
"type": "WEB",
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack"
},
{
"type": "WEB",
"url": "https://www.hcc-embedded.com"
},
{
"type": "WEB",
"url": "https://www.hcc-embedded.com/about/about-interniche"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/608209"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-R4VQ-5VWR-W52J
Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2022-08-23 00:00libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.
{
"affected": [],
"aliases": [
"CVE-2022-35166"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-18T05:15:00Z",
"severity": "MODERATE"
},
"details": "libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.",
"id": "GHSA-r4vq-5vwr-w52j",
"modified": "2022-08-23T00:00:18Z",
"published": "2022-08-19T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35166"
},
{
"type": "WEB",
"url": "https://github.com/thorfdbg/libjpeg/issues/76"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R52X-QXPQ-PV5M
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32In the Linux kernel, the following vulnerability has been resolved:
sched/rt: Skip currently executing CPU in rto_next_cpu()
CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in kernel space. When other CPUs switch from RT to non-RT tasks, RT load balancing (LB) is triggered; with HAVE_RT_PUSH_IPI enabled, they send IPIs to CPU0 to drive the execution of rto_push_irq_work_func. During push_rt_task on CPU0, if next_task->prio < rq->donor->prio, resched_curr() sets NEED_RESCHED and after the push operation completes, CPU0 calls rto_next_cpu(). Since only CPU0 is overloaded in this scenario, rto_next_cpu() should ideally return -1 (no further IPI needed).
However, multiple CPUs invoking tell_cpu_to_push() during LB increments rd->rto_loop_next. Even when rd->rto_cpu is set to -1, the mismatch between rd->rto_loop and rd->rto_loop_next forces rto_next_cpu() to restart its search from -1. With CPU0 remaining overloaded (satisfying rt_nr_migratory && rt_nr_total > 1), it gets reselected, causing CPU0 to queue irq_work to itself and send self-IPIs repeatedly. As long as CPU0 stays overloaded and other CPUs run pull_rt_tasks(), it falls into an infinite self-IPI loop, which triggers a CPU hardlockup due to continuous self-interrupts.
The trigging scenario is as follows:
cpu0 cpu1 cpu2
pull_rt_task
tell_cpu_to_push
<------------irq_work_queue_on
rto_push_irq_work_func push_rt_task resched_curr(rq) pull_rt_task rto_next_cpu tell_cpu_to_push <-------------------------- atomic_inc(rto_loop_next) rd->rto_loop != next rto_next_cpu irq_work_queue_on rto_push_irq_work_func
Fix redundant self-IPI by filtering the initiating CPU in rto_next_cpu(). This solution has been verified to effectively eliminate spurious self-IPIs and prevent CPU hardlockup scenarios.
{
"affected": [],
"aliases": [
"CVE-2026-45919"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/rt: Skip currently executing CPU in rto_next_cpu()\n\nCPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound\nRT task, and a CFS task stuck in kernel space. When other CPUs switch from\nRT to non-RT tasks, RT load balancing (LB) is triggered; with\nHAVE_RT_PUSH_IPI enabled, they send IPIs to CPU0 to drive the execution\nof rto_push_irq_work_func. During push_rt_task on CPU0,\nif next_task-\u003eprio \u003c rq-\u003edonor-\u003eprio, resched_curr() sets NEED_RESCHED\nand after the push operation completes, CPU0 calls rto_next_cpu().\nSince only CPU0 is overloaded in this scenario, rto_next_cpu() should\nideally return -1 (no further IPI needed).\n\nHowever, multiple CPUs invoking tell_cpu_to_push() during LB increments\nrd-\u003erto_loop_next. Even when rd-\u003erto_cpu is set to -1, the mismatch between\nrd-\u003erto_loop and rd-\u003erto_loop_next forces rto_next_cpu() to restart its\nsearch from -1. With CPU0 remaining overloaded (satisfying rt_nr_migratory\n\u0026\u0026 rt_nr_total \u003e 1), it gets reselected, causing CPU0 to queue irq_work to\nitself and send self-IPIs repeatedly. As long as CPU0 stays overloaded and\nother CPUs run pull_rt_tasks(), it falls into an infinite self-IPI loop,\nwhich triggers a CPU hardlockup due to continuous self-interrupts.\n\nThe trigging scenario is as follows:\n\n cpu0 cpu1 cpu2\n pull_rt_task\n tell_cpu_to_push\n \u003c------------irq_work_queue_on\nrto_push_irq_work_func\n push_rt_task\n resched_curr(rq) pull_rt_task\n rto_next_cpu tell_cpu_to_push\n \u003c-------------------------- atomic_inc(rto_loop_next)\nrd-\u003erto_loop != next\n rto_next_cpu\n irq_work_queue_on\nrto_push_irq_work_func\n\nFix redundant self-IPI by filtering the initiating CPU in rto_next_cpu().\nThis solution has been verified to effectively eliminate spurious self-IPIs\nand prevent CPU hardlockup scenarios.",
"id": "GHSA-r52x-qxpq-pv5m",
"modified": "2026-06-24T18:32:28Z",
"published": "2026-05-27T15:33:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45919"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16ca9f3117e9a294646c897daf08a5ab546c711b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b3c672a66db3de3b40f8a7057864bc1f874ede3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/52aeb1e07ec223caf212f036817976c98d2aa250"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8ad5577b2d4acfd83f03d97a0aece2d18aac5f07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94894c9c477e53bcea052e075c53f89df3d2a33e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f25edc5a20cb52a5abbf25f0724bb4732b81801"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a6a73403733e86748421f2eeaf028c85683ef896"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d57d0746276a88ea43a2cc62b849fd8a95e32e41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R649-M379-RRF8
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS).
{
"affected": [],
"aliases": [
"CVE-2021-29365"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-28T16:15:00Z",
"severity": "MODERATE"
},
"details": "Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS).",
"id": "GHSA-r649-m379-rrf8",
"modified": "2022-05-24T19:15:58Z",
"published": "2022-05-24T19:15:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29365"
},
{
"type": "WEB",
"url": "https://github.com/moshekaplan/Research/tree/main/IrfanView"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.