Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-47066

Summary
Assigner-EEF
Assigner Org ID-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At-25 May, 2026 | 14:00
Updated At-27 May, 2026 | 15:40
Rejected At-
Credits

Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward progress. When parse_token/2 receives a non-token, non-whitespace, non-comma byte (e.g. !, @, =, ;), it returns the input unchanged. skip_comma/1 also returns the buffer unchanged when the first byte is not a comma. parse_entries/2 then recurses with identical data, creating a tight infinite tail-recursive loop that pins a scheduler at 100% CPU. The calling process never returns. The entry point parse_and_cache/3 is called synchronously in the connection process on every HTTP response. A single-byte Alt-Svc: ! response header is sufficient to trigger the hang; the header is fully controlled by any HTTP origin the client connects to. This issue affects hackney: from 2.0.0-beta.1 before 4.0.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:EEF
Assigner Org ID:6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At:25 May, 2026 | 14:00
Updated At:27 May, 2026 | 15:40
Rejected At:
â–¼CVE Numbering Authority (CNA)
Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward progress. When parse_token/2 receives a non-token, non-whitespace, non-comma byte (e.g. !, @, =, ;), it returns the input unchanged. skip_comma/1 also returns the buffer unchanged when the first byte is not a comma. parse_entries/2 then recurses with identical data, creating a tight infinite tail-recursive loop that pins a scheduler at 100% CPU. The calling process never returns. The entry point parse_and_cache/3 is called synchronously in the connection process on every HTTP response. A single-byte Alt-Svc: ! response header is sufficient to trigger the hang; the header is fully controlled by any HTTP origin the client connects to. This issue affects hackney: from 2.0.0-beta.1 before 4.0.1.

Affected Products
Vendor
benoitc
Product
hackney
Collection URL
https://repo.hex.pm
Package Name
hackney
Repo
https://github.com/benoitc/hackney
CPEs
  • cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*
Modules
  • hackney_altsvc
Program Files
  • src/hackney_altsvc.erl
Program Routines
  • hackney_altsvc:parse_entries/2
  • hackney_altsvc:parse_entry/1
  • hackney_altsvc:parse_protocol/1
  • hackney_altsvc:parse_token/2
  • hackney_altsvc:skip_comma/1
Default Status
unaffected
Versions
Affected
  • From 2.0.0-beta.1 before 4.0.1 (semver)
Vendor
benoitc
Product
hackney
Collection URL
https://github.com
Package Name
benoitc/hackney
Repo
https://github.com/benoitc/hackney
CPEs
  • cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*
Modules
  • hackney_altsvc
Program Files
  • src/hackney_altsvc.erl
Program Routines
  • hackney_altsvc:parse_entries/2
  • hackney_altsvc:parse_entry/1
  • hackney_altsvc:parse_protocol/1
  • hackney_altsvc:parse_token/2
  • hackney_altsvc:skip_comma/1
Default Status
unaffected
Versions
Affected
  • From 408e5fe20302226ea8c74dde2bcbd452d712b5b2 before e548aba1f97ffa3f4750da7b772998fb78c01894 (git)
Problem Types
TypeCWE IDDescription
CWECWE-835CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Type: CWE
CWE ID: CWE-835
Description: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-130CAPEC-130 Excessive Allocation
CAPEC ID: CAPEC-130
Description: CAPEC-130 Excessive Allocation
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Peter Ullrich
remediation developer
Benoit Chesneau
analyst
Jonatan Männchen / EEF
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/benoitc/hackney/security/advisories/GHSA-6cp8-v795-jr2j
vendor-advisory
related
https://cna.erlef.org/cves/CVE-2026-47066.html
related
https://osv.dev/vulnerability/EEF-CVE-2026-47066
related
https://github.com/benoitc/hackney/commit/e548aba1f97ffa3f4750da7b772998fb78c01894
patch
Hyperlink: https://github.com/benoitc/hackney/security/advisories/GHSA-6cp8-v795-jr2j
Resource:
vendor-advisory
related
Hyperlink: https://cna.erlef.org/cves/CVE-2026-47066.html
Resource:
related
Hyperlink: https://osv.dev/vulnerability/EEF-CVE-2026-47066
Resource:
related
Hyperlink: https://github.com/benoitc/hackney/commit/e548aba1f97ffa3f4750da7b772998fb78c01894
Resource:
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/benoitc/hackney/security/advisories/GHSA-6cp8-v795-jr2j
exploit
Hyperlink: https://github.com/benoitc/hackney/security/advisories/GHSA-6cp8-v795-jr2j
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At:25 May, 2026 | 15:16
Updated At:27 May, 2026 | 13:54

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward progress. When parse_token/2 receives a non-token, non-whitespace, non-comma byte (e.g. !, @, =, ;), it returns the input unchanged. skip_comma/1 also returns the buffer unchanged when the first byte is not a comma. parse_entries/2 then recurses with identical data, creating a tight infinite tail-recursive loop that pins a scheduler at 100% CPU. The calling process never returns. The entry point parse_and_cache/3 is called synchronously in the connection process on every HTTP response. A single-byte Alt-Svc: ! response header is sufficient to trigger the hang; the header is fully controlled by any HTTP origin the client connects to. This issue affects hackney: from 2.0.0-beta.1 before 4.0.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
benoitc
benoitc
>>hackney>>Versions from 2.0.0(inclusive) to 4.0.1(exclusive)
cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-835Secondary6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CWE ID: CWE-835
Type: Secondary
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cna.erlef.org/cves/CVE-2026-47066.html6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Third Party Advisory
Patch
https://github.com/benoitc/hackney/commit/e548aba1f97ffa3f4750da7b772998fb78c018946b3ad84c-e1a6-4bf7-a703-f496b71e49db
Patch
https://github.com/benoitc/hackney/security/advisories/GHSA-6cp8-v795-jr2j6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Exploit
Vendor Advisory
Patch
https://osv.dev/vulnerability/EEF-CVE-2026-470666b3ad84c-e1a6-4bf7-a703-f496b71e49db
Third Party Advisory
Patch
https://github.com/benoitc/hackney/security/advisories/GHSA-6cp8-v795-jr2j134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Patch
Hyperlink: https://cna.erlef.org/cves/CVE-2026-47066.html
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Third Party Advisory
Patch
Hyperlink: https://github.com/benoitc/hackney/commit/e548aba1f97ffa3f4750da7b772998fb78c01894
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Patch
Hyperlink: https://github.com/benoitc/hackney/security/advisories/GHSA-6cp8-v795-jr2j
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Exploit
Vendor Advisory
Patch
Hyperlink: https://osv.dev/vulnerability/EEF-CVE-2026-47066
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Third Party Advisory
Patch
Hyperlink: https://github.com/benoitc/hackney/security/advisories/GHSA-6cp8-v795-jr2j
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory
Patch

Change History

0
Information is not available yet

Similar CVEs

270Records found
CVE-2020-28095
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.20%
||
7 Day CHG~0.00%
Published-30 Dec, 2020 | 20:53
Updated-07 Jul, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6ac6_firmwaren/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-28030
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.44% / 81.05%
||
7 Day CHG+0.38%
Published-30 Oct, 2020 | 20:02
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-682
Incorrect Calculation
CVE-2020-25574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.82% / 83.20%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 18:16
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).

Action-Not Available
Vendor-hypern/a
Product-httpn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-26575
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.23% / 84.80%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 14:57
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWireshark FoundationOracle CorporationFedora Project
Product-zfs_storage_appliance_firmwarezfs_storage_appliancedebian_linuxfedorawiresharkn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-24337
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.78%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 22:44
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c.

Action-Not Available
Vendor-altrann/a
Product-picotcppicotcp-ngn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-24944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 56.51%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 20:13
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3.

Action-Not Available
Vendor-privateoctopusn/a
Product-picoquicn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-0211
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.15%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 07:31
Updated-27 Mar, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-6245
Matching Score-4
Assigner-DFINITY Foundation
ShareView Details
Matching Score-4
Assigner-DFINITY Foundation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.19%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 14:26
Updated-02 Dec, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite decoding loop through specially crafted payload

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.

Action-Not Available
Vendor-dfinityInternet Computer
Product-candidCandid
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CWE ID-CWE-168
Improper Handling of Inconsistent Special Elements
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-17444
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.78%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 22:32
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn't check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension headers will not increment the current data pointer. This leads to an infinite loop and Denial-of-Service in pico_ipv6_check_headers_sequence() in pico_ipv6.c.

Action-Not Available
Vendor-altrann/a
Product-picotcpn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-37013
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.81%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203.

Action-Not Available
Vendor-unified-automationUnified Automation
Product-opc_ua_c\+\+_demo_serverOPC UA C++ Demo Server
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-15466
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 70.63%
||
7 Day CHG~0.00%
Published-05 Jul, 2020 | 10:04
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-15598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.79% / 88.26%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 13:38
Updated-03 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial of Service condition. The vendor does not consider this as a security issue because1) there is no default configuration issue here. An attacker would need to know that a rule using a potentially problematic regular expression was in place, 2) the attacker would need to know the basic nature of the regular expression itself to exploit any resource issues. It's well known that regular expression usage can be taxing on system resources regardless of the use case. It is up to the administrator to decide on when it is appropriate to trade resources for potential security benefit

Action-Not Available
Vendor-owaspn/aDebian GNU/Linux
Product-debian_linuxmodsecurityn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-16845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 34.91%
||
7 Day CHG~0.00%
Published-06 Aug, 2020 | 17:03
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectGoopenSUSE
Product-godebian_linuxfedoraleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14398
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.27% / 84.91%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14447
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.24%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 13:04
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-45232
Matching Score-4
Assigner-TianoCore.org
ShareView Details
Matching Score-4
Assigner-TianoCore.org
CVSS Score-7.5||HIGH
EPSS-0.46% / 64.52%
||
7 Day CHG-0.02%
Published-16 Jan, 2024 | 16:12
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite loop in EDK II Network Package

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Action-Not Available
Vendor-tianocoreTianoCore
Product-edk2edk2
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.24%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 13:05
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13986
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.33%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 21:36
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

Action-Not Available
Vendor-contiki-osn/a
Product-contikin/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.70%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 19:22
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Action-Not Available
Vendor-n/aFedora ProjectGo
Product-textfedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-43511
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.76%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition (Infinite Loop) in WLAN Firmware

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_x20_lte_modemsd865_5gqca6595snapdragon_xr1_platformipq6028_firmwareimmersive_home_214_platformqca8081_firmwareqcn9001snapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcn6024ar9380qcc710_firmwareqca6426fastconnect_6700wcn3610snapdragon_768g_5g_mobile_platform_firmwaresa4150pqcn5124_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395qcn7605snapdragon_460_mobile_platformapq8092qca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqcn7606_firmwareipq8078a_firmwareqca6564_firmwareqam8295pwcd9341snapdragon_x12_lte_modemwsa8810_firmwareqca1990_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_8cx_gen_2_5g_compute_platformqca2064_firmwaresnapdragon_835_mobile_pc_platform_firmwarefastconnect_6800_firmwaresd835_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformqcn9000sd821snapdragon_8cx_compute_platform_firmwareqca2062_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwareqsm8250_firmwareqsm8350_firmwaresnapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformwcd9385_firmwareqca6421qca6310snapdragon_630_mobile_platformipq8074a_firmwareipq8076awcd9360snapdragon_ar2_gen_1_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_7c_compute_platformsd821_firmwareimmersive_home_3210_platform_firmwaresnapdragon_685_4g_mobile_platformsa6155pqca6564au_firmwaresd820snapdragon_768g_5g_mobile_platformqca8075qam8650pvideo_collaboration_vc5_platform_firmwaresa6155p_firmwaremdm9640_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_7c_compute_platform_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwareqca8084sm4125_firmwareqca6420qca6174_firmwaresnapdragon_7c_gen_2_compute_platform_firmwarewcn3910apq8064au_firmwarecsrb31024qca9367snapdragon_845_mobile_platformmdm9250_firmwareqcc2076snapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574aqca6174aqca6584_firmwareqca9898_firmwarewcd9340qcs8250_firmwareqcm2290snapdragon_630_mobile_platform_firmwaresnapdragon_820_automotive_platform_firmwareqcn6122_firmwareqcn5154_firmwareipq8074sm8550p_firmwareqcm8550snapdragon_x20_lte_modem_firmwarewcn3988qcn5122_firmwarepmp8074qcn9024snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsnapdragon_8cx_compute_platformhome_hub_100_platformqca2066_firmwareqca8082qcs410qcm2290_firmwaresa8155pqca8072_firmwarewsa8830sm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn6122sa8255p_firmwaresmart_audio_200_platform_firmwareqcc2073msm8996auqrb5165m_firmwaremdm9645snapdragon_678_mobile_platform_firmwareqca9985snapdragon_x5_lte_modemipq8071aapq8064auqcn6112wcn3950_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200snapdragon_710_mobile_platformsm7325p_firmwaresd460snapdragon_730g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_firmwarewcd9360_firmwaresmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformvideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwareimmersive_home_326_platform_firmwareqca6438_firmwaresnapdragon_750g_5g_mobile_platformqcn9072ipq4028_firmwareqcn6224_firmwareqca6431sd660_firmwareqca8082_firmwareqca9379_firmwaresxr2130_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwareqrb5165msnapdragon_888_5g_mobile_platformqca1064qca6320snapdragon_w5\+_gen_1_wearable_platform_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqcs6125_firmwareqca9992_firmwareqca6428qca9990ipq8070ipq9008_firmwareqcn9074wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareipq8173snapdragon_8c_compute_platformsm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_765g_5g_mobile_platform_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwareqca9984ipq5010_firmwareqcn9022_firmwaresnapdragon_720g_mobile_platformsm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresnapdragon_845_mobile_platform_firmwaresd888sd460_firmwaresnapdragon_4_gen_2_mobile_platformipq8069ipq8065qca6310_firmwarefastconnect_6800qcs7230snapdragon_685_4g_mobile_platform_firmwarewcd9371qcn9001_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwarehome_hub_100_platform_firmwareqca8075_firmwarevision_intelligence_300_platform_firmwaremdm9645_firmwaresnapdragon_835_mobile_pc_platformsnapdragon_865\+_5g_mobile_platformqca2065_firmwaresdx65m_firmwarevideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqca6431_firmwareqca6175a_firmwareqca6698aq_firmwareqcs2290qcn7606qcs2290_firmwarewcn3615qca9367_firmwareqca8084_firmwarewcn3999_firmwareqcn7605_firmwaresnapdragon_678_mobile_platformsa8255pqcs7230_firmwaresnapdragon_720g_mobile_platform_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwareqcn5024snapdragon_690_5g_mobile_platformqca6430mdm9650snapdragon_auto_5g_modem-rfssg2125p9206_lte_modem_firmwarecsra6640_firmwareimmersive_home_326_platformqam8650p_firmwareqcn9013_firmwarevideo_collaboration_vc5_platformqca2062qca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwaremdm9640qca6436qrb5165n_firmwaresnapdragon_1200_wearable_platformsnapdragon_x24_lte_modem_firmwarewcn3980_firmwareqca6391_firmwarewsa8835wsa8840_firmwareapq8094_firmwaresnapdragon_732g_mobile_platformipq8068qcs4290_firmwaresnapdragon_865_5g_mobile_platformcsra6620qca8081sd660mdm9628wsa8815qam8775pqca9377qcm4325_firmwareipq8069_firmwareqcm4290_firmwareqca9888_firmwareqca9889qca6175aqca1062qcn5024_firmwareqcn9002_firmwareipq5010qcn9274_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_670_mobile_platformcsra6620_firmwaresnapdragon_820_mobile_platform_firmwareqcs8550ipq8068_firmwareqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375qca9889_firmwareqca1023sa8145pimmersive_home_316_platformsd_675qca2066snapdragon_888\+_5g_mobile_platform_firmwarecsr8811qcm8550_firmwareapq8017qcs410_firmwaresa6150p_firmwaresw5100pipq9574qcn9000_firmwareqcn6102_firmwaresxr1120vision_intelligence_300_platformqcn9022qcs610_firmwarewcd9335wcd9370qca8072qca6696snapdragon_808_processorwcd9341_firmwareqcn9003_firmwareqcc2073_firmwareipq8076wcn6740_firmwareqca1064_firmwareipq6018_firmwareqca9984_firmwareqcn6023immersive_home_216_platformqca9994_firmwareipq6000snapdragon_auto_4g_modemipq8078aqca6574auwcd9390csra6640qcn9100_firmwarewcn3660b_firmwareqcn5122sd730snapdragon_730g_mobile_platform_firmwareqca6554aqcn6024_firmwaresdx20mqca9886_firmwaresnapdragon_695_5g_mobile_platformqcm6125_firmwaressg2115pqcc710snapdragon_850_mobile_compute_platformqcn6132_firmwaresxr1120_firmwaresnapdragon_x5_lte_modem_firmwareqcn5054robotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900ipq5332_firmwareqcn5052qca9980qfw7114315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwaresnapdragon_821_mobile_platform_firmwareipq8064sa8155_firmwareqcn5164snapdragon_888_5g_mobile_platform_firmwareqca6335qcs4490mdm9250snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qcn6100_firmwareqca6421_firmwareqcm6125csr8811_firmwarewsa8810qcn5021qca8085qsm8250snapdragon_8\+_gen_2_mobile_platformqcn6100qca6595ausm7315_firmwarewcd9326_firmwarewsa8840qcs8550_firmwareqca9986_firmwareqfw7124_firmwareqcn9012mdm9650_firmwaresnapdragon_821_mobile_platformwcd9371_firmwareqcs4490_firmwareqcf8001wcn3910_firmwaresnapdragon_855\+\/860_mobile_platform_firmwareqca4531_firmwaresdx65mwcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwareipq9570sa8195psnapdragon_810_processorqca6335_firmwareqcm6490immersive_home_316_platform_firmwareimmersive_home_3210_platformsnapdragon_810_processor_firmwareqcn9274qca9379ipq8076a_firmwareipq9570_firmwaresxr2230p_firmwarear9380_firmwaresd675_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformipq4029_firmwareqcn9011qcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformwsa8845hsa6150pwcd9326sa8155p_firmwareqca6564asnapdragon_675_mobile_platformsnapdragon_662_mobile_platformqca1023_firmwareqcn9074_firmwarevision_intelligence_400_platform_firmwareipq8174sc8180x\+sdx55_firmwaresnapdragon_765_5g_mobile_platformflight_rb5_5g_platform_firmwareipq8174_firmwaresnapdragon_665_mobile_platformar8035ipq8072aqca6564sa6155qca2065qcm4325robotics_rb5_platformqcn6224sc8180x\+sdx55qca6698aqsnapdragon_7c_gen_2_compute_platformsm6250ssg2125p_firmwaresnapdragon_8c_compute_platform_firmwaresmart_audio_200_platformsd670sa8145p_firmwaresnapdragon_888\+_5g_mobile_platformsnapdragon_820_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformapq8094fastconnect_6700_firmwaresnapdragon_636_mobile_platform_firmwarewcn3990qca6428_firmwareqcn9002ipq8078snapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250ipq9554_firmwaresnapdragon_712_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqca6678aq_firmwareqca8386_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqcc2076_firmwaresnapdragon_808_processor_firmwareqca6678aqsnapdragon_675_mobile_platform_firmwareqcn5022_firmwareqca9992sa4150p_firmwareqca9898ipq9008ipq9554qca6564ausm6250p_firmwareimmersive_home_214_platform_firmwaresa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332snapdragon_680_4g_mobile_platformsd_455_firmwareqcn9013ar8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwareipq8072a_firmwaresnapdragon_1200_wearable_platform_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformrobotics_rb3_platform_firmwareflight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwareqcs6125snapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwareqca8085_firmwaresd_455qca9886qcn6132sm6250_firmwareqcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareimmersive_home_216_platform_firmwareipq8070aapq8017_firmwarewcd9380ipq4028qam8255psa6145p_firmwaresa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_4_gen_1_mobile_platformsa8150pqcn9003snapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_x24_lte_modemmsm8996au_firmwareqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca2064sxr1230psd662_firmwareipq6010sw5100aqt1000qam8295p_firmwaresd855wcd9330_firmwareqca6174wcn3990_firmwaresm7315qca6564a_firmwaresdx20m_firmwareqca9994qsm8350wcd9385wcd9330sd662wcn3610_firmwareqcs4290sxr1230p_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareipq4018snapdragon_865\+_5g_mobile_platform_firmwaresd820_firmwaresg8275psm6250psdx55_firmwareipq8071a_firmwareqca6438wcn3615_firmwareqca6554a_firmwaresxr2130ipq6028qcm4490snapdragon_636_mobile_platformqcn9100snapdragon_xr2\+_gen_1_platformipq4029qca6174a_firmwaresm7325pqca1990snapdragon_855_mobile_platform_firmwareaqt1000_firmwareipq4018_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwareipq8074_firmwareqca0000sw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_782g_mobile_platformqca6696_firmwareapq8092_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwaremdm9628_firmwareqca6797aqqcn5152ipq8065_firmwarevision_intelligence_400_platform9206_lte_modemqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_480\+_5g_mobile_platformipq8074aimmersive_home_318_platformsd675sd_8_gen1_5g_firmwarewcd9375_firmwareqca4531qca6391qca8386ipq8173_firmwareqcn9012_firmwareqca6584snapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_xr1_platform_firmwarerobotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareipq6000_firmwarefastconnect_7800ipq8078_firmwarewcn3988_firmwareipq8070_firmwareqcn5154sd_8cxwsa8835_firmwaressg2115p_firmwareqcn5022snapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_820_automotive_platformsnapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragon
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13808
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 14:53
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13935
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-92.16% / 99.72%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 15:00
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxMcAfee, LLCNetApp, Inc.The Apache Software FoundationopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxepolicy_orchestratorsiebel_ui_frameworkcommunications_instant_messaging_serveragile_engineering_data_managementagile_plmcommerce_guided_searchcommunications_cloud_native_core_policymanaged_file_transferdebian_linuxblockchain_platformmysql_enterprise_monitorinstantis_enterprisetrackoncommand_system_managertomcatfmw_platformworkload_managerleapApache Tomcat
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13807
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 14:48
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-12885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.87%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 18:24
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.

Action-Not Available
Vendor-n/aArm Limited
Product-mbed_osn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-12663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.04% / 93.19%
||
7 Day CHG+0.96%
Published-19 May, 2020 | 13:48
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

Action-Not Available
Vendor-nlnetlabsn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraunboundleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-12457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.79%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 13:06
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-10675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 51.09%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 13:27
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.

Action-Not Available
Vendor-jsonparser_projectn/aFedora Project
Product-fedorajsonparsern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13984
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.78%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 21:34
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.

Action-Not Available
Vendor-contiki-osn/a
Product-contikin/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-51890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.67%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-17 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL.

Action-Not Available
Vendor-ctann/a
Product-mathtexn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-8741
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.75% / 86.24%
||
7 Day CHG~0.00%
Published-28 Feb, 2020 | 13:01
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved input validation.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvosmac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-30188
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 77.89%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 00:00
Updated-09 Oct, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.

Action-Not Available
Vendor-onlyofficen/a
Product-document_servern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-51075
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 31.54%
||
7 Day CHG-0.04%
Published-27 Dec, 2023 | 00:00
Updated-05 Sep, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.

Action-Not Available
Vendor-hutooln/a
Product-hutooln/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-50981
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.66%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 00:00
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.

Action-Not Available
Vendor-cryptoppn/a
Product-crypto\+\+n/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-24746
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.84%
||
7 Day CHG~0.00%
Published-06 Apr, 2024 | 11:56
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache NimBLE: Denial of service in NimBLE Bluetooth stack

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.  Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-Apache NimBLEnimble
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-23352
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.02%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-26 Nov, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition (`Infinite Loop`) in Multi Mode Call Processor

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_8_gen_1_mobile_platformwsa8830315_5g_iot_modem_firmwareqca8337qfw7124sg8275p_firmwareqca6431_firmwarewcd9360_firmwaresnapdragon_865_5g_mobile_platformsnapdragon_888_5g_mobile_platformqcn6224_firmwarewsa8840wcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwareqca6595au_firmwaresnapdragon_x70_modem-rf_systemsnapdragon_480_5g_mobile_platformsnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwarevideo_collaboration_vc3_platformwcd9370qcm5430_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6426qep8111_firmwareqca6584au_firmwaresnapdragon_8_gen_2_mobile_platformwcd9385_firmwarewcn3950qcn6024_firmwarefastconnect_6200sm7315_firmwaresnapdragon_x55_5g_modem-rf_systemsnapdragon_695_5g_mobile_platform_firmwaresdx71m_firmwaresnapdragon_778g_5g_mobile_platformsdx55_firmwarewsa8845h_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114sm7250p_firmwareqca8081_firmwareqca6595auwcd9360qca6436_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwaresnapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)_firmwaresnapdragon_x72_5g_modem-rf_systemsnapdragon_x70_modem-rf_system_firmwareqcs6490wsa8840_firmwareqca6698aqqcs8550_firmwarewcn3988_firmware315_5g_iot_modemqca6421snapdragon_8\+_gen_1_mobile_platformwcd9340fastconnect_6700_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)wsa8810_firmwareqcn6224snapdragon_780g_5g_mobile_platformwsa8845hsnapdragon_x62_5g_modem-rf_systemwcd9395_firmwaresnapdragon_x75_5g_modem-rf_systemqca6436qca8081sdx71msnapdragon_x35_5g_modem-rf_systemsnapdragon_auto_5g_modem-rf_gen_2snapdragon_690_5g_mobile_platformqcm4490qca6698aq_firmwareqcs5430qca6174a_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)wcd9385wcd9341sxr2130_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6431qca6696_firmwareqcs6490_firmwarear8035wcd9375snapdragon_855_mobile_platform_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)wcd9390qcc710_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewsa8815_firmwarewcn3988wsa8835_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqcm6490snapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)wcd9380_firmwareqca8337_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)sd865_5gfastconnect_6800qcm8550ar8035_firmwaresd888snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwarewsa8835snapdragon_8\+_gen_2_mobile_platform_firmwaresnapdragon_auto_5g_modem-rfsnapdragon_7c\+_gen_3_computewcd9380qcn6274snapdragon_x72_5g_modem-rf_system_firmwarefastconnect_6700snapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_782g_mobile_platform_\(sm7325-af\)sxr2130qca6574aqca6174asm7325psnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwarevideo_collaboration_vc3_platform_firmwaresg8275psnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwareqfw7114_firmwarewsa8845wcd9340_firmwarewsa8815sd855sm7325p_firmwaresdx57m_firmwarewsa8845_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformqca6426_firmwareqca6574a_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwarefastconnect_6200_firmwaresnapdragon_x62_5g_modem-rf_system_firmwareqcn9024snapdragon_765g_5g_mobile_platform_\(sm7250-ab\)snapdragon_x55_5g_modem-rf_system_firmwaresm7315qca6391qca6421_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)wcn6740_firmwarefastconnect_7800snapdragon_x35_5g_modem-rf_system_firmwaresnapdragon_690_5g_mobile_platform_firmwareqcm4490_firmwareqcn6274_firmwaresnapdragon_xr2_5g_platformqcs4490_firmwaresnapdragon_x65_5g_modem-rf_systemqcm6490_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)fastconnect_6900_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwareqcn9024_firmwaresdx57mwcd9341_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8810fastconnect_7800_firmwarewsa8832snapdragon_8_gen_1_mobile_platform_firmwaresm8550pqcm5430qcc710qcs4490wcd9395wcn6740snapdragon_750g_5g_mobile_platformqcs5430_firmwareqca6696qca6391_firmwareqcs8550wcd9370_firmwaresm8550p_firmwaresdx55sd888_firmwarewcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareqcn6024snapdragon_695_5g_mobile_platformsm7250psnapdragon_8\+_gen_1_mobile_platform_firmwaresnapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)qfw7124_firmwareqep8111snapdragon_782g_mobile_platform_\(sm7325-af\)_firmwaresnapdragon_855_mobile_platformSnapdragonqca8337_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmware315_5g_iot_modem_firmwaresg8275p_firmwareqca6431_firmwarewcd9360_firmwarear8035_firmwareqcn6224_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqcm5430_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqfw7114_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwareqcn6024_firmwarewcd9340_firmwaresm7325p_firmwaresdx57m_firmwarewsa8845_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwaresm7315_firmwareqca6574a_firmwaresnapdragon_695_5g_mobile_platform_firmwaresdx71m_firmwaresdx55_firmwarefastconnect_6200_firmwaresnapdragon_x62_5g_modem-rf_system_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm7250p_firmwareqca6436_firmwareqca6421_firmwarewcn6740_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqcn6274_firmwaresnapdragon_x70_modem-rf_system_firmwareqcs4490_firmwareqcm6490_firmwarewsa8840_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwareqcs8550_firmwarewcn3988_firmwarefastconnect_6700_firmwareqcn9024_firmwarewsa8810_firmwarewcd9341_firmwarefastconnect_7800_firmwarewcd9395_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwareqca6174a_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresxr2130_firmwareqca6696_firmwareqcs6490_firmwareqcs5430_firmwareqca6391_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresm8550p_firmwaresd888_firmwareqcc710_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewsa8815_firmwarewsa8835_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqfw7124_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmware
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-4511
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.51%
||
7 Day CHG~0.00%
Published-24 Aug, 2023 | 06:30
Updated-27 Mar, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-45233
Matching Score-4
Assigner-TianoCore.org
ShareView Details
Matching Score-4
Assigner-TianoCore.org
CVSS Score-7.5||HIGH
EPSS-0.46% / 64.52%
||
7 Day CHG-0.02%
Published-16 Jan, 2024 | 16:13
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite loop in EDK II Network Package

EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Action-Not Available
Vendor-tianocoreTianoCore
Product-edk2edk2
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-44181
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.00%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:01
Updated-18 Sep, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX5k: l2 loop in the overlay impacts the stability in a EVPN/VXLAN environment

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfk5210qfk5700qfk5110qfk5130qfk5200junosqfk5230qfk5220qfk5120Junos OS
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-43761
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.25%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.F-Secure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-42525
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.38%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.WithSecure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-42524
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.38%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.WithSecure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-3748
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.07% / 22.29%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-27 Sep, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inifinite loop in babld message parsing may cause dos

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

Action-Not Available
Vendor-frroutingn/aRed Hat, Inc.Fedora Project
Product-frroutingRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8frrFedora
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-5097
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-7.28% / 91.78%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 21:49
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.

Action-Not Available
Vendor-embedthisn/a
Product-goaheadEmbedThis
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-5091
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.66% / 82.37%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 23:46
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.

Action-Not Available
Vendor-leadtoolsn/a
Product-leadtoolsLEADTOOLS libltdic.so
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-5274
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.30%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 18:42
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in an infinite loop, an attacker may exploit the vulnerability via a malicious certificate to perform a denial of service attack on the affected products.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg9500_firmwareusg9500USG9500
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-3560
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.49% / 65.91%
||
7 Day CHG~0.00%
Published-29 Apr, 2019 | 00:00
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.

Action-Not Available
Vendor-Facebook
Product-fizzfizz
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2019-3833
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.69% / 72.23%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 22:00
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

Action-Not Available
Vendor-openwsman_project[UNKNOWN]openSUSEFedora Project
Product-openwsmanfedoraleapopenwsman
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-20907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.60%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 00:00
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSENetApp, Inc.Python Software FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-ubuntu_linuxdebian_linuxcloud_volumes_ontap_mediatorfedoraactive_iq_unified_managerzfs_storage_appliance_kitpythonleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-25040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 77.51%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 05:16
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Action-Not Available
Vendor-nlnetlabsn/aDebian GNU/Linux
Product-unbounddebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-2335
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.31%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing Attach Reject message, Valid exit condition is not met resulting into an infinite loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareqcm2150_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresnapdragon_high_med_2016_firmwaresm6150msm8909w_firmwaremsm8976_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615mdm9205mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresdm660sc8180x_firmwaresdm710qm215mdm9607apq8017_firmwaremdm9625_firmwaresdm710_firmwaremdm9150msm8937msm8905snapdragon_high_med_2016sm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625qm215_firmwaremsm8976sdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850mdm9615_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found