CWE-835— Loop with Unreachable Exit Condition (Infinite Loop)
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.— MITRE CWE catalog
730 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-835page 13 of 15
- CVE-2025-41075HIGHCVSS 7.5EG 7.52025-11-20
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resourc…
- CVE-2025-42954LOWCVSS 2.7EG 2.72025-07-08
SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation…
- CVE-2025-48879MEDIUMCVSS 6.5EG 6.52025-06-10
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become u…
- CVE-2025-51986HIGHCVSS 7.5EG 7.52025-08-14
An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet.
- CVE-2025-53015HIGHCVSS 7.5EG 7.52025-07-14
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.
- CVE-2025-53628HIGHCVSS 8.8EG 8.82025-07-10
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerabili…
- CVE-2025-5399HIGHCVSS 7.5EG 7.52025-06-07
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other t…
- CVE-2025-55118HIGHCVSS 8.9EG 8.92025-09-16
Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting …
- CVE-2025-58190MEDIUMCVSS 5.3EG 5.32026-02-05
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
- CVE-2025-60753MEDIUMCVSS 5.5EG 5.52025-11-05
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (O…
- CVE-2025-6365HIGHCVSS 7.5EG 5.72025-06-20
A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads…
- CVE-2025-63829HIGHCVSS 7.5EG 5.32025-11-18
eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.
- CVE-2025-64438HIGHCVSS 7.5EG 7.52026-02-03
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast…
- CVE-2025-66252HIGHCVSS 7.5EG 7.52025-11-26
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when u…
- CVE-2025-68137HIGHCVSS 8.3EG 8.32026-01-21
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaini…
- CVE-2025-69227HIGHCVSS 7.5EG 7.52026-01-06
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If op…
- CVE-2025-7054MEDIUMCVSS 6.5EG 6.52025-08-07
Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatr…
- CVE-2025-71265MEDIUMCVSS 5.5EG 5.52026-03-18
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service…
- CVE-2025-71266MEDIUMCVSS 5.5EG 5.52026-03-18
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indx_find to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condi…
- CVE-2025-71267MEDIUMCVSS 5.5EG 5.52026-03-18
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) conditio…
- CVE-2025-71319HIGHCVSS 7.5EG 7.52025-04-02
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-ty…
- CVE-2025-71329HIGHCVSS 7.5EG 7.52026-06-10
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-ty…
- CVE-2025-71330HIGHCVSS 7.5EG 7.52026-06-10
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing …
- CVE-2025-8194HIGHCVSS 7.5EG 7.52025-07-28
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop a…
- CVE-2026-0619MEDIUMCVSS 6.0EG 6.02026-02-12
A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.
- CVE-2026-0960MEDIUMCVSS 4.7EG 4.72026-01-14
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service
- CVE-2026-10028MEDIUMCVSS 4.3EG 4.32026-05-28
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate …
- CVE-2026-10642MEDIUMCVSS 6.5EG 6.52026-06-24
The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) contains an unbounded software loop in pl011_irq_tx_enable() that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit (PL011_IMSC_TXIM) is …
- CVE-2026-11352HIGHCVSS 7.5EG 7.52026-07-03
An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them tow…
- CVE-2026-14258MEDIUMCVSS 6.5EG 6.52026-07-01
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be…
- CVE-2026-15163HIGHCVSS 7.5EG 5.52026-07-08
Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service
- CVE-2026-21507HIGHCVSS 7.5EG 7.52026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.
- CVE-2026-21905HIGHCVSS 7.5EG 7.52026-01-15
A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attac…
- CVE-2026-2219HIGHCVSS 7.5EG 7.52026-03-07
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (inf…
- CVE-2026-23082MEDIUMCVSS 5.5EG 5.52026-02-04
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory …
- CVE-2026-23109MEDIUMCVSS 5.5EG 5.52026-02-04
In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() Above the while() loop in wait_sb_inodes(), we document that we must wait for all pages under writeb…
- CVE-2026-23220MEDIUMCVSS 5.5EG 5.52026-02-18
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In __proc…
- CVE-2026-23298MEDIUMCVSS 5.5EG 5.52026-03-25
In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forev…
- CVE-2026-23409MEDIUMCVSS 5.5EG 5.52026-04-01
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-e…
- CVE-2026-23451HIGHCVSS 7.5EG 7.52026-04-03
In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points t…
- CVE-2026-23472MEDIUMCVSS 5.5EG 5.52026-04-03
In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN uart_write_room() and uart_write() behave inconsistently when xmit_buf is NULL (which happens for PORT_UN…
- CVE-2026-23874MEDIUMCVSS 5.5EG 5.52026-01-20
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL…
- CVE-2026-24688MEDIUMCVSS 4.3EG 4.32026-01-27
pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/b…
- CVE-2026-24802MEDIUMCVSS 5.3EG 5.32026-01-27
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in briandilley jsonrpc4j (src/main/java/com/googlecode/jsonrpc4j modules). This vulnerability is associated with program files NoCloseOutputStream.Java. This issue affec…
- CVE-2026-24803CRITICALCVSS 9.2EG 9.22026-01-27
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C. This issue af…
- CVE-2026-24804CRITICALCVSS 9.2EG 9.22026-01-27
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common modules). This vulnerability is associated with program files bn_lib.C. This issue affects l…
- CVE-2026-24816CRITICALCVSS 10.0EG 10.02026-01-27
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in datavane tis (tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules). This vulnerability is associated with program files ChangeDomainAction.Java. …
- CVE-2026-24831HIGHCVSS 7.5EG 7.52026-01-27
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
- CVE-2026-25533HIGHCVSS 8.8EG 8.82026-02-06
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the har…
- CVE-2026-26066MEDIUMCVSS 6.2EG 6.22026-02-24
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`…
Map vulnerabilities like CWE-835 to your infrastructure
EchelonGraph correlates every CVE — across CWE-835 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →