Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-32287

Summary
Assigner-Go
Assigner Org ID-1bb62c36-49e3-4200-9d77-64a1400537cc
Published At-26 Mar, 2026 | 19:40
Updated At-30 Mar, 2026 | 14:55
Rejected At-
Credits

Infinite loop in github.com/antchfx/xpath

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–ŒCommon Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Go
Assigner Org ID:1bb62c36-49e3-4200-9d77-64a1400537cc
Published At:26 Mar, 2026 | 19:40
Updated At:30 Mar, 2026 | 14:55
Rejected At:
â–ŒCVE Numbering Authority (CNA)
Infinite loop in github.com/antchfx/xpath

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".

Affected Products
Vendor
github.com/antchfx/xpath
Product
github.com/antchfx/xpath
Collection URL
https://pkg.go.dev
Package Name
github.com/antchfx/xpath
Program Routines
  • logicalQuery.Select
  • Expr.Evaluate
  • NodeIterator.MoveNext
  • ancestorQuery.Evaluate
  • ancestorQuery.Select
  • attributeQuery.Evaluate
  • attributeQuery.Select
  • booleanQuery.Evaluate
  • booleanQuery.Select
  • cachedChildQuery.Evaluate
  • cachedChildQuery.Select
  • childQuery.Evaluate
  • childQuery.Select
  • descendantOverDescendantQuery.Evaluate
  • descendantOverDescendantQuery.Select
  • descendantQuery.Evaluate
  • descendantQuery.Select
  • filterQuery.Evaluate
  • filterQuery.Select
  • followingQuery.Evaluate
  • followingQuery.Select
  • functionQuery.Evaluate
  • groupQuery.Evaluate
  • groupQuery.Select
  • lastFuncQuery.Evaluate
  • logicalQuery.Evaluate
  • mergeQuery.Evaluate
  • mergeQuery.Select
  • numericQuery.Evaluate
  • parentQuery.Evaluate
  • parentQuery.Select
  • precedingQuery.Evaluate
  • precedingQuery.Select
  • selfQuery.Evaluate
  • selfQuery.Select
  • transformFunctionQuery.Evaluate
  • transformFunctionQuery.Select
  • unionQuery.Evaluate
  • unionQuery.Select
Default Status
unaffected
Versions
Affected
  • From 0 before 1.3.6 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
Type: N/A
CWE ID: N/A
Description: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/antchfx/xpath/issues/121
N/A
https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494
N/A
https://github.com/golang/vulndb/issues/4526
N/A
https://pkg.go.dev/vuln/GO-2026-4526
N/A
Hyperlink: https://github.com/antchfx/xpath/issues/121
Resource: N/A
Hyperlink: https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494
Resource: N/A
Hyperlink: https://github.com/golang/vulndb/issues/4526
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2026-4526
Resource: N/A
â–ŒAuthorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select
exploit
Hyperlink: https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select
Resource:
exploit
Information is not available yet
â–ŒNational Vulnerability Database (NVD)
nvd.nist.gov
Source:security@golang.org
Published At:26 Mar, 2026 | 20:16
Updated At:21 Apr, 2026 | 15:33

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
antchfx
antchfx
>>xpath>>Versions before 1.3.6(exclusive)
cpe:2.3:a:antchfx:xpath:*:*:*:*:*:go:*:*
Weaknesses
CWE IDTypeSource
CWE-835Primarynvd@nist.gov
CWE ID: CWE-835
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494security@golang.org
Patch
https://github.com/antchfx/xpath/issues/121security@golang.org
Issue Tracking
Third Party Advisory
https://github.com/golang/vulndb/issues/4526security@golang.org
Issue Tracking
Third Party Advisory
https://pkg.go.dev/vuln/GO-2026-4526security@golang.org
Third Party Advisory
https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Third Party Advisory
Hyperlink: https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494
Source: security@golang.org
Resource:
Patch
Hyperlink: https://github.com/antchfx/xpath/issues/121
Source: security@golang.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/golang/vulndb/issues/4526
Source: security@golang.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://pkg.go.dev/vuln/GO-2026-4526
Source: security@golang.org
Resource:
Third Party Advisory
Hyperlink: https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

266Records found
CVE-2020-15598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.14% / 86.24%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 13:38
Updated-03 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial of Service condition. The vendor does not consider this as a security issue because1) there is no default configuration issue here. An attacker would need to know that a rule using a potentially problematic regular expression was in place, 2) the attacker would need to know the basic nature of the regular expression itself to exploit any resource issues. It's well known that regular expression usage can be taxing on system resources regardless of the use case. It is up to the administrator to decide on when it is appropriate to trade resources for potential security benefit

Action-Not Available
Vendor-owaspn/aDebian GNU/Linux
Product-debian_linuxmodsecurityn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-42524
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 39.87%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.WithSecure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-43511
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.10%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition (Infinite Loop) in WLAN Firmware

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_x20_lte_modemsd865_5gqca6595snapdragon_xr1_platformipq6028_firmwareimmersive_home_214_platformqca8081_firmwareqcn9001snapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcn6024ar9380qcc710_firmwareqca6426fastconnect_6700wcn3610snapdragon_768g_5g_mobile_platform_firmwaresa4150pqcn5124_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395qcn7605snapdragon_460_mobile_platformapq8092qca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqcn7606_firmwareipq8078a_firmwareqca6564_firmwareqam8295pwcd9341snapdragon_x12_lte_modemwsa8810_firmwareqca1990_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_8cx_gen_2_5g_compute_platformqca2064_firmwaresnapdragon_835_mobile_pc_platform_firmwarefastconnect_6800_firmwaresd835_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformqcn9000sd821snapdragon_8cx_compute_platform_firmwareqca2062_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwareqsm8250_firmwareqsm8350_firmwaresnapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformwcd9385_firmwareqca6421qca6310snapdragon_630_mobile_platformipq8074a_firmwareipq8076awcd9360snapdragon_ar2_gen_1_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_7c_compute_platformsd821_firmwareimmersive_home_3210_platform_firmwaresnapdragon_685_4g_mobile_platformsa6155pqca6564au_firmwaresd820snapdragon_768g_5g_mobile_platformqca8075qam8650pvideo_collaboration_vc5_platform_firmwaresa6155p_firmwaremdm9640_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_7c_compute_platform_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwareqca8084sm4125_firmwareqca6420qca6174_firmwaresnapdragon_7c_gen_2_compute_platform_firmwarewcn3910apq8064au_firmwarecsrb31024qca9367snapdragon_845_mobile_platformmdm9250_firmwareqcc2076snapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574aqca6174aqca6584_firmwareqca9898_firmwarewcd9340qcs8250_firmwareqcm2290snapdragon_630_mobile_platform_firmwaresnapdragon_820_automotive_platform_firmwareqcn6122_firmwareqcn5154_firmwareipq8074sm8550p_firmwareqcm8550snapdragon_x20_lte_modem_firmwarewcn3988qcn5122_firmwarepmp8074qcn9024snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsnapdragon_8cx_compute_platformhome_hub_100_platformqca2066_firmwareqca8082qcs410qcm2290_firmwaresa8155pqca8072_firmwarewsa8830sm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn6122sa8255p_firmwaresmart_audio_200_platform_firmwareqcc2073msm8996auqrb5165m_firmwaremdm9645snapdragon_678_mobile_platform_firmwareqca9985snapdragon_x5_lte_modemipq8071aapq8064auqcn6112wcn3950_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200snapdragon_710_mobile_platformsm7325p_firmwaresd460snapdragon_730g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_firmwarewcd9360_firmwaresmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformvideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwareimmersive_home_326_platform_firmwareqca6438_firmwaresnapdragon_750g_5g_mobile_platformqcn9072ipq4028_firmwareqcn6224_firmwareqca6431sd660_firmwareqca8082_firmwareqca9379_firmwaresxr2130_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwareqrb5165msnapdragon_888_5g_mobile_platformqca1064qca6320snapdragon_w5\+_gen_1_wearable_platform_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqcs6125_firmwareqca9992_firmwareqca6428qca9990ipq8070ipq9008_firmwareqcn9074wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareipq8173snapdragon_8c_compute_platformsm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_765g_5g_mobile_platform_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwareqca9984ipq5010_firmwareqcn9022_firmwaresnapdragon_720g_mobile_platformsm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresnapdragon_845_mobile_platform_firmwaresd888sd460_firmwaresnapdragon_4_gen_2_mobile_platformipq8069ipq8065qca6310_firmwarefastconnect_6800qcs7230snapdragon_685_4g_mobile_platform_firmwarewcd9371qcn9001_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwarehome_hub_100_platform_firmwareqca8075_firmwarevision_intelligence_300_platform_firmwaremdm9645_firmwaresnapdragon_835_mobile_pc_platformsnapdragon_865\+_5g_mobile_platformqca2065_firmwaresdx65m_firmwarevideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqca6431_firmwareqca6175a_firmwareqca6698aq_firmwareqcs2290qcn7606qcs2290_firmwarewcn3615qca9367_firmwareqca8084_firmwarewcn3999_firmwareqcn7605_firmwaresnapdragon_678_mobile_platformsa8255pqcs7230_firmwaresnapdragon_720g_mobile_platform_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwareqcn5024snapdragon_690_5g_mobile_platformqca6430mdm9650snapdragon_auto_5g_modem-rfssg2125p9206_lte_modem_firmwarecsra6640_firmwareimmersive_home_326_platformqam8650p_firmwareqcn9013_firmwarevideo_collaboration_vc5_platformqca2062qca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwaremdm9640qca6436qrb5165n_firmwaresnapdragon_1200_wearable_platformsnapdragon_x24_lte_modem_firmwarewcn3980_firmwareqca6391_firmwarewsa8835wsa8840_firmwareapq8094_firmwaresnapdragon_732g_mobile_platformipq8068qcs4290_firmwaresnapdragon_865_5g_mobile_platformcsra6620qca8081sd660mdm9628wsa8815qam8775pqca9377qcm4325_firmwareipq8069_firmwareqcm4290_firmwareqca9888_firmwareqca9889qca6175aqca1062qcn5024_firmwareqcn9002_firmwareipq5010qcn9274_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_670_mobile_platformcsra6620_firmwaresnapdragon_820_mobile_platform_firmwareqcs8550ipq8068_firmwareqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375qca9889_firmwareqca1023sa8145pimmersive_home_316_platformsd_675qca2066snapdragon_888\+_5g_mobile_platform_firmwarecsr8811qcm8550_firmwareapq8017qcs410_firmwaresa6150p_firmwaresw5100pipq9574qcn9000_firmwareqcn6102_firmwaresxr1120vision_intelligence_300_platformqcn9022qcs610_firmwarewcd9335wcd9370qca8072qca6696snapdragon_808_processorwcd9341_firmwareqcn9003_firmwareqcc2073_firmwareipq8076wcn6740_firmwareqca1064_firmwareipq6018_firmwareqca9984_firmwareqcn6023immersive_home_216_platformqca9994_firmwareipq6000snapdragon_auto_4g_modemipq8078aqca6574auwcd9390csra6640qcn9100_firmwarewcn3660b_firmwareqcn5122sd730snapdragon_730g_mobile_platform_firmwareqca6554aqcn6024_firmwaresdx20mqca9886_firmwaresnapdragon_695_5g_mobile_platformqcm6125_firmwaressg2115pqcc710snapdragon_850_mobile_compute_platformqcn6132_firmwaresxr1120_firmwaresnapdragon_x5_lte_modem_firmwareqcn5054robotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900ipq5332_firmwareqcn5052qca9980qfw7114315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwaresnapdragon_821_mobile_platform_firmwareipq8064sa8155_firmwareqcn5164snapdragon_888_5g_mobile_platform_firmwareqca6335qcs4490mdm9250snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qcn6100_firmwareqca6421_firmwareqcm6125csr8811_firmwarewsa8810qcn5021qca8085qsm8250snapdragon_8\+_gen_2_mobile_platformqcn6100qca6595ausm7315_firmwarewcd9326_firmwarewsa8840qcs8550_firmwareqca9986_firmwareqfw7124_firmwareqcn9012mdm9650_firmwaresnapdragon_821_mobile_platformwcd9371_firmwareqcs4490_firmwareqcf8001wcn3910_firmwaresnapdragon_855\+\/860_mobile_platform_firmwareqca4531_firmwaresdx65mwcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwareipq9570sa8195psnapdragon_810_processorqca6335_firmwareqcm6490immersive_home_316_platform_firmwareimmersive_home_3210_platformsnapdragon_810_processor_firmwareqcn9274qca9379ipq8076a_firmwareipq9570_firmwaresxr2230p_firmwarear9380_firmwaresd675_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformipq4029_firmwareqcn9011qcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformwsa8845hsa6150pwcd9326sa8155p_firmwareqca6564asnapdragon_675_mobile_platformsnapdragon_662_mobile_platformqca1023_firmwareqcn9074_firmwarevision_intelligence_400_platform_firmwareipq8174sc8180x\+sdx55_firmwaresnapdragon_765_5g_mobile_platformflight_rb5_5g_platform_firmwareipq8174_firmwaresnapdragon_665_mobile_platformar8035ipq8072aqca6564sa6155qca2065qcm4325robotics_rb5_platformqcn6224sc8180x\+sdx55qca6698aqsnapdragon_7c_gen_2_compute_platformsm6250ssg2125p_firmwaresnapdragon_8c_compute_platform_firmwaresmart_audio_200_platformsd670sa8145p_firmwaresnapdragon_888\+_5g_mobile_platformsnapdragon_820_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformapq8094fastconnect_6700_firmwaresnapdragon_636_mobile_platform_firmwarewcn3990qca6428_firmwareqcn9002ipq8078snapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250ipq9554_firmwaresnapdragon_712_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqca6678aq_firmwareqca8386_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqcc2076_firmwaresnapdragon_808_processor_firmwareqca6678aqsnapdragon_675_mobile_platform_firmwareqcn5022_firmwareqca9992sa4150p_firmwareqca9898ipq9008ipq9554qca6564ausm6250p_firmwareimmersive_home_214_platform_firmwaresa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332snapdragon_680_4g_mobile_platformsd_455_firmwareqcn9013ar8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwareipq8072a_firmwaresnapdragon_1200_wearable_platform_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformrobotics_rb3_platform_firmwareflight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwareqcs6125snapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwareqca8085_firmwaresd_455qca9886qcn6132sm6250_firmwareqcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareimmersive_home_216_platform_firmwareipq8070aapq8017_firmwarewcd9380ipq4028qam8255psa6145p_firmwaresa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_4_gen_1_mobile_platformsa8150pqcn9003snapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_x24_lte_modemmsm8996au_firmwareqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca2064sxr1230psd662_firmwareipq6010sw5100aqt1000qam8295p_firmwaresd855wcd9330_firmwareqca6174wcn3990_firmwaresm7315qca6564a_firmwaresdx20m_firmwareqca9994qsm8350wcd9385wcd9330sd662wcn3610_firmwareqcs4290sxr1230p_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareipq4018snapdragon_865\+_5g_mobile_platform_firmwaresd820_firmwaresg8275psm6250psdx55_firmwareipq8071a_firmwareqca6438wcn3615_firmwareqca6554a_firmwaresxr2130ipq6028qcm4490snapdragon_636_mobile_platformqcn9100snapdragon_xr2\+_gen_1_platformipq4029qca6174a_firmwaresm7325pqca1990snapdragon_855_mobile_platform_firmwareaqt1000_firmwareipq4018_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwareipq8074_firmwareqca0000sw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_782g_mobile_platformqca6696_firmwareapq8092_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwaremdm9628_firmwareqca6797aqqcn5152ipq8065_firmwarevision_intelligence_400_platform9206_lte_modemqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_480\+_5g_mobile_platformipq8074aimmersive_home_318_platformsd675sd_8_gen1_5g_firmwarewcd9375_firmwareqca4531qca6391qca8386ipq8173_firmwareqcn9012_firmwareqca6584snapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_xr1_platform_firmwarerobotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareipq6000_firmwarefastconnect_7800ipq8078_firmwarewcn3988_firmwareipq8070_firmwareqcn5154sd_8cxwsa8835_firmwaressg2115p_firmwareqcn5022snapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_820_automotive_platformsnapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragon
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-40458
Matching Score-4
Assigner-Sierra Wireless Inc.
ShareView Details
Matching Score-4
Assigner-Sierra Wireless Inc.
CVSS Score-7.5||HIGH
EPSS-0.82% / 52.53%
||
7 Day CHG~0.00%
Published-29 Nov, 2023 | 22:58
Updated-02 Aug, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AceManager DOS Vulnerability

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device.

Action-Not Available
Vendor-sierrawirelesssierrawireless
Product-aleosALEOS
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-15466
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.10% / 86.07%
||
7 Day CHG~0.00%
Published-05 Jul, 2020 | 10:04
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-38197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.08% / 60.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2023 | 00:00
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

Action-Not Available
Vendor-qtn/aqtFedora Project
Product-qtn/aqtfedora
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-3748
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.66% / 46.95%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-27 Sep, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inifinite loop in babld message parsing may cause dos

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

Action-Not Available
Vendor-frroutingn/aRed Hat, Inc.Fedora Project
Product-frroutingRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8frrFedora
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 61.80%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 13:05
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14398
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.76% / 84.34%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-23596
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.22%
||
7 Day CHG+0.02%
Published-01 Feb, 2022 | 11:52
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite loop in junrar

Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible.

Action-Not Available
Vendor-junrar_projectn/a
Product-junrarn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-23968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.90% / 76.98%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 05:01
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."

Action-Not Available
Vendor-n/aXerox Corporation
Product-versalink_c505versalink_c400versalink_b7025versalink_c7000versalink_c605versalink_c9000versalink_firmwareversalink_b7030versalink_b600versalink_c8000versalink_c8000wversalink_b400versalink_c7020versalink_b610versalink_c7025versalink_b405versalink_c500versalink_c600versalink_c405versalink_c7030versalink_b7035n/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-35933
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.92% / 55.67%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 19:26
Updated-03 Dec, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenFGA denial of service die to circular relationship

OPenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this vulnerability if they are using OpenFGA v1.1.0 or earlier, and if you are executing `Check` or `ListObjects` calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users that do not have circular relationships in their models are not affected.

Action-Not Available
Vendor-openfgaopenfga
Product-openfgaopenfga
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14447
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 61.80%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 13:04
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-23098
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.48% / 82.58%
||
7 Day CHG+0.04%
Published-28 Jan, 2022 | 00:00
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/Linux
Product-connmandebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-7263
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 18.37%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 04:43
Updated-12 May, 2026 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS attack via DOMNode::C14N()

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.

Action-Not Available
Vendor-The PHP Group
Product-phpPHP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.85% / 76.44%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 19:22
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Action-Not Available
Vendor-n/aFedora ProjectGo
Product-textfedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13935
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-87.55% / 99.73%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 15:00
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxMcAfee, LLCNetApp, Inc.The Apache Software FoundationopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxepolicy_orchestratorsiebel_ui_frameworkcommunications_instant_messaging_serveragile_engineering_data_managementagile_plmcommerce_guided_searchcommunications_cloud_native_core_policymanaged_file_transferdebian_linuxblockchain_platformmysql_enterprise_monitorinstantis_enterprisetrackoncommand_system_managertomcatfmw_platformworkload_managerleapApache Tomcat
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13807
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.51%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 14:48
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-6520
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 6.69%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 05:34
Updated-01 May, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-6519
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 6.69%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 05:33
Updated-01 May, 2026 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-12885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 65.20%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 18:24
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.

Action-Not Available
Vendor-n/aArm Limited
Product-mbed_osn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13986
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.01% / 85.70%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 21:36
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

Action-Not Available
Vendor-contiki-osn/a
Product-contikin/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-21159
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.75% / 74.93%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 16:00
Updated-15 Apr, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.

Action-Not Available
Vendor-mz-automationMZ Automation GmbH
Product-libiec61850libiec61850
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-2879
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.3||MEDIUM
EPSS-1.59% / 72.59%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Debian GNU/LinuxWireshark Foundation
Product-debian_linuxwiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13984
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.68% / 73.91%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 21:34
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.

Action-Not Available
Vendor-contiki-osn/a
Product-contikin/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-27560
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.39%
||
7 Day CHG+0.01%
Published-03 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.

Action-Not Available
Vendor-phpseclibn/a
Product-phpseclibn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-34966
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-62.02% / 99.07%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 14:56
Updated-20 Nov, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: infinite loop in mdssvc rpc service for spotlight

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectDebian GNU/LinuxSamba
Product-sambadebian_linuxfedoraenterprise_linuxRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Storage 3Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-26151
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.3||MEDIUM
EPSS-1.03% / 59.35%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-20 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.

Action-Not Available
Vendor-freeopcuan/a
Product-opcua-asyncioasyncua
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-47066
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
ShareView Details
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Score-8.7||HIGH
EPSS-0.70% / 48.57%
||
7 Day CHG+0.03%
Published-25 May, 2026 | 14:00
Updated-27 May, 2026 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward progress. When parse_token/2 receives a non-token, non-whitespace, non-comma byte (e.g. !, @, =, ;), it returns the input unchanged. skip_comma/1 also returns the buffer unchanged when the first byte is not a comma. parse_entries/2 then recurses with identical data, creating a tight infinite tail-recursive loop that pins a scheduler at 100% CPU. The calling process never returns. The entry point parse_and_cache/3 is called synchronously in the connection process on every HTTP response. A single-byte Alt-Svc: ! response header is sufficient to trigger the hang; the header is fully controlled by any HTTP origin the client connects to. This issue affects hackney: from 2.0.0-beta.1 before 4.0.1.

Action-Not Available
Vendor-benoitcbenoitc
Product-hackneyhackney
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-42525
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 39.87%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.WithSecure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-23617
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.99% / 57.90%
||
7 Day CHG~0.00%
Published-27 Jan, 2023 | 23:24
Updated-10 Mar, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenMage LTS has DoS vulnerability in MaliciousCode filter

OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.

Action-Not Available
Vendor-openmageOpenMage
Product-magentomagento-lts
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-0711
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-16.19% / 96.53%
||
7 Day CHG~0.00%
Published-02 Mar, 2022 | 21:59
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

Action-Not Available
Vendor-haproxyn/aDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxsoftware_collectionsopenshift_container_platformenterprise_linuxhaproxyhaproxy
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-0586
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.3||MEDIUM
EPSS-2.02% / 78.46%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxWireshark Foundation
Product-fedoradebian_linuxwiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-12663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.59% / 87.94%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 13:48
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

Action-Not Available
Vendor-nlnetlabsn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraunboundleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-12457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.52%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 13:06
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-1718
Matching Score-4
Assigner-STAR Labs SG Pte. Ltd.
ShareView Details
Matching Score-4
Assigner-STAR Labs SG Pte. Ltd.
CVSS Score-7.5||HIGH
EPSS-24.08% / 97.56%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 09:04
Updated-05 Sep, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bitrix24 Denial-of-Service (DoS) via Improper File Stream Access

Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".

Action-Not Available
Vendor-Bitrix24
Product-bitrix24Bitrix24
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-44302
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.55%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 21:33
Updated-18 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Snappier: Infinite loop in SnappyStream decompression on malformed framed input

Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. This vulnerability is fixed in 1.3.1.

Action-Not Available
Vendor-brantburnett
Product-Snappier
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-1108
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.77% / 75.31%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 14:48
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: infinite loop in sslconduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Action-Not Available
Vendor-Red Hat, Inc.NetApp, Inc.
Product-single_sign-onintegration_camel_kopenshift_application_runtimesopenshift_container_platformenterprise_linuxoncommand_workflow_automationjboss_enterprise_application_platform_expansion_packopenstack_platformbuild_of_quarkusdecision_managerintegration_service_registryprocess_automationundertowopenshift_container_platform_for_powerjboss_enterprise_application_platformopenshift_container_platform_for_linuxonefuseRed Hat Single Sign-On 7.6 for RHEL 7Red Hat Single Sign-On 7.6 for RHEL 9Red Hat JBoss Enterprise Application Platform 7.1.0Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat Fuse 7.12Red Hat Data Grid 8Red Hat JBoss Data Grid 7Red Hat support for Spring Boot 2.7.13RHEL-8 based Middleware ContainersRed Hat Integration Service RegistryEAP 7.4.10 releaseRed Hat Integration Camel QuarkusRed Hat Integration Camel KRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 7RHPAM 7.13.1 asyncRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat Single Sign-On 7.6 for RHEL 8Red Hat JBoss Fuse 6Red Hat build of QuarkusRed Hat OpenStack Platform 13 (Queens)Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-42920
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.26% / 17.58%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 14:12
Updated-18 Jun, 2026 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP DTLS Vulnerability

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_security_managerbig-ip_container_ingress_servicesbig-ip_global_traffic_managerbig-ip_link_controllerbig-ip_application_acceleration_managerbig-ip_webacceleratorbig-ip_websafebig-ip_advanced_web_application_firewallbig-ip_ddos_hybrid_defenderbig-ip_application_visibility_and_reportingbig-ip_edge_gatewaybig-ip_analyticsbig-ip_advanced_firewall_managerbig-ip_domain_name_systembig-ip_access_policy_managerbig-ip_local_traffic_managerbig-ip_fraud_protection_servicebig-ip_automation_toolchainbig-ip_carrier-grade_natbig-ip_ssl_orchestratorbig-ip_policy_enforcement_managerBIG-IP
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-10675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.47% / 82.46%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 13:27
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.

Action-Not Available
Vendor-jsonparser_projectn/aFedora Project
Product-fedorajsonparsern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-58261
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.34% / 26.40%
||
7 Day CHG~0.00%
Published-27 Jul, 2025 | 00:00
Updated-06 Aug, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.

Action-Not Available
Vendor-sequoia-pgpsequoia-pgp
Product-sequoia-openpgpsequoia
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-48256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.02%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.

Action-Not Available
Vendor-technitiumn/a
Product-dns_servern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-46285
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.28% / 66.44%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-libxpmlibXpm
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-44617
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.25% / 65.55%
||
7 Day CHG+0.01%
Published-06 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-libxpmlibXpm
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-42899
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 63.63%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASP.NET Core Denial of Service Vulnerability

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.
Product-.netlinux_kernelmacoswindows.NET 8.0.NET 10.0.NET 9.0
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-46828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.09% / 79.21%
||
7 Day CHG+0.01%
Published-20 Jul, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.

Action-Not Available
Vendor-libtirpc_projectn/aDebian GNU/Linux
Product-libtirpcdebian_linuxn/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-8741
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.40% / 81.93%
||
7 Day CHG~0.00%
Published-28 Feb, 2020 | 13:01
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved input validation.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvosmac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-4111
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.18%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:45
Updated-10 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 7Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 8Red Hat Hardened ImagesRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat OpenShift Container Platform 4.16Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Discovery 2Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Update Infrastructure 5Red Hat Enterprise Linux 6Red Hat AI Inference Server 3.2Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4.19Red Hat Insights proxy 1.5Red Hat AI Inference Server 3.3
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-45445
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.38%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 17:44
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.

Action-Not Available
Vendor-unisysn/a
Product-clearpath_mcp_tcp\/ip_networking_servicesn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-39052
Matching Score-4
Assigner-OTRS AG
ShareView Details
Matching Score-4
Assigner-OTRS AG
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.43%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 08:55
Updated-10 May, 2025 | 02:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS attack using email

An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system

Action-Not Available
Vendor-OTRS AG
Product-otrs((OTRS)) Community EditionOTRS
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found