Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-835:Loop with Unreachable Exit Condition ('Infinite Loop')
Weakness ID:835
Version:v4.17
Weakness Name:Loop with Unreachable Exit Condition ('Infinite Loop')
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Incomplete
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
▼Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

diagram
▼Extended Description

▼Alternate Terms
▼Relationships
Relevant to the view"Research Concepts - (1000)"
NatureMappingTypeIDName
ChildOfDiscouragedC834Excessive Iteration
ParentOfAllowedB1322Use of Blocking Code in Single-threaded, Non-blocking Context
Nature: ChildOf
Mapping: Discouraged
Type: Class
ID: 834
Name: Excessive Iteration
Nature: ParentOf
Mapping: Allowed
Type: Base
ID: 1322
Name: Use of Blocking Code in Single-threaded, Non-blocking Context
▼Memberships
NatureMappingTypeIDName
MemberOfProhibitedC438Behavioral Problems
MemberOfProhibitedV884CWE Cross-section
MemberOfProhibitedC1131CISQ Quality Measures (2016) - Security
MemberOfProhibitedC1306CISQ Quality Measures - Reliability
MemberOfProhibitedC1308CISQ Quality Measures - Security
MemberOfProhibitedC1410Comprehensive Categorization: Insufficient Control Flow Management
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 438
Name: Behavioral Problems
Nature: MemberOf
Mapping: Prohibited
Type:View
ID: 884
Name: CWE Cross-section
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1131
Name: CISQ Quality Measures (2016) - Security
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1306
Name: CISQ Quality Measures - Reliability
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1308
Name: CISQ Quality Measures - Security
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1410
Name: Comprehensive Categorization: Insufficient Control Flow Management
▼Tags
NatureMappingTypeIDName
MemberOfProhibitedBSBOSS-294Not Language-Specific Weaknesses
MemberOfProhibitedBSBOSS-314DoS: Resource Consumption (CPU) (impact)
MemberOfProhibitedBSBOSS-321DoS: Amplification (impact)
MemberOfProhibitedBSBOSS-327DoS: Resource Consumption (Memory) (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-314
Name: DoS: Resource Consumption (CPU) (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-321
Name: DoS: Amplification (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-327
Name: DoS: Resource Consumption (Memory) (impact)
▼Relevant To View
Relevant to the view"Software Development - (699)"
NatureMappingTypeIDName
MemberOfProhibitedC438Behavioral Problems
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 438
Name: Behavioral Problems
Relevant to the view"CISQ Quality Measures (2020) - (1305)"
NatureMappingTypeIDName
MemberOfProhibitedC1306CISQ Quality Measures - Reliability
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1306
Name: CISQ Quality Measures - Reliability
Relevant to the view"CISQ Quality Measures (2020) - (1305)"
NatureMappingTypeIDName
MemberOfProhibitedC1308CISQ Quality Measures - Security
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1308
Name: CISQ Quality Measures - Security
▼Background Detail

▼Common Consequences
ScopeLikelihoodImpactNote
AvailabilityN/ADoS: Resource Consumption (CPU)DoS: Resource Consumption (Memory)DoS: Amplification

An infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software's operation may slow down, or cause a long time to respond.

Scope: Availability
Likelihood: N/A
Impact: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Amplification
Note:

An infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software's operation may slow down, or cause a long time to respond.

▼Potential Mitigations
▼Modes Of Introduction
▼Applicable Platforms
Languages
Class: Not Language-Specific(Undetermined Prevalence)
▼Demonstrative Examples
Example 1

In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.

Language: ( code)
N/A

Language: C(Bad code)
int processMessagesFromServer(char *hostaddr, int port) { ... int servsock; int connected; struct sockaddr_in servaddr; // create socket to connect to server* servsock = socket( AF_INET, SOCK_STREAM, 0); memset( &servaddr, 0, sizeof(servaddr)); servaddr.sin_family = AF_INET; servaddr.sin_port = htons(port); servaddr.sin_addr.s_addr = inet_addr(hostaddr); do { // establish connection to server* connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr)); *// if connected then read and process messages from server* if (connected > -1) { // read and process messages* ...} *// keep trying to establish connection to the server* } while (connected < 0); *// close socket and return success or failure* ...}

Language: ( code)
N/A

However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code.

Language: C(Good code)
int processMessagesFromServer(char *hostaddr, int port) { ... // initialize number of attempts counter* int count = 0; do { // establish connection to server* connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr)); *// increment counter* count++; *// if connected then read and process messages from server* if (connected > -1) { // read and process messages* ...} *// keep trying to establish connection to the server* *// up to a maximum number of attempts* } while (connected < 0 && count < MAX_ATTEMPTS); *// close socket and return success or failure* ...}

Example 2

For this example, the method isReorderNeeded is part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.

Language: ( code)
N/A

Language: Java(Bad code)
public boolean isReorderNeeded(String bookISBN, int rateSold) { boolean isReorder = false; int minimumCount = 10; int days = 0; // get inventory count for book* int inventoryCount = inventory.getIventoryCount(bookISBN); *// find number of days until inventory count reaches minimum* while (inventoryCount > minimumCount) { inventoryCount = inventoryCount - rateSold; days++; } // if number of days within reorder timeframe* *// set reorder return boolean to true* if (days > 0 && days < 5) { isReorder = true; } return isReorder; }

Language: ( code)
N/A

However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop, as in the following code.

Language: Java(Good code)
public boolean isReorderNeeded(String bookISBN, int rateSold) { ... // validate rateSold variable* if (rateSold < 1) { return isReorder; } ... }

▼Observed Examples
ReferenceDescription
CVE-2022-22224
Chain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835)
CVE-2022-25304
A Python machine communication platform did not account for receiving a malformed packet with a null size, causing the receiving function to never update the message buffer and be caught in an infinite loop.
CVE-2011-1027
Chain: off-by-one error (CWE-193) leads to infinite loop (CWE-835) using invalid hex-encoded characters.
CVE-2011-1142
Chain: self-referential values in recursive definitions lead to infinite loop.
CVE-2011-1002
NULL UDP packet is never cleared from a queue, leading to infinite loop.
CVE-2006-6499
Chain: web browser crashes due to infinite loop - "bad looping logic [that relies on] floating point math [CWE-1339] to exit the loop [CWE-835]"
CVE-2010-4476
Floating point conversion routine cycles back and forth between two different values.
CVE-2010-4645
Floating point conversion routine cycles back and forth between two different values.
CVE-2010-2534
Chain: improperly clearing a pointer in a linked list leads to infinite loop.
CVE-2013-1591
Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.
CVE-2008-3688
Chain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.
Reference: CVE-2022-22224
Description:
Chain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835)
Reference: CVE-2022-25304
Description:
A Python machine communication platform did not account for receiving a malformed packet with a null size, causing the receiving function to never update the message buffer and be caught in an infinite loop.
Reference: CVE-2011-1027
Description:
Chain: off-by-one error (CWE-193) leads to infinite loop (CWE-835) using invalid hex-encoded characters.
Reference: CVE-2011-1142
Description:
Chain: self-referential values in recursive definitions lead to infinite loop.
Reference: CVE-2011-1002
Description:
NULL UDP packet is never cleared from a queue, leading to infinite loop.
Reference: CVE-2006-6499
Description:
Chain: web browser crashes due to infinite loop - "bad looping logic [that relies on] floating point math [CWE-1339] to exit the loop [CWE-835]"
Reference: CVE-2010-4476
Description:
Floating point conversion routine cycles back and forth between two different values.
Reference: CVE-2010-4645
Description:
Floating point conversion routine cycles back and forth between two different values.
Reference: CVE-2010-2534
Description:
Chain: improperly clearing a pointer in a linked list leads to infinite loop.
Reference: CVE-2013-1591
Description:
Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.
Reference: CVE-2008-3688
Description:
Chain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      OrdinalityDescription
      ▼Detection Methods
      ▼Vulnerability Mapping Notes
      Usage:Allowed
      Reason:Acceptable-Use
      Rationale:

      This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

      Comments:

      Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

      Suggestions:
      ▼Notes
      ▼Taxonomy Mappings
      Taxonomy NameEntry IDFitEntry Name
      OMG ASCSMASCSM-CWE-835N/AN/A
      Taxonomy Name: OMG ASCSM
      Entry ID: ASCSM-CWE-835
      Fit: N/A
      Entry Name: N/A
      ▼Related Attack Patterns
      IDName
      ▼References
      Reference ID: REF-62
      Title: The Art of Software Security Assessment
      Author: Mark Dowd, John McDonald, Justin Schuh
      Section: Chapter 7, "Looping Constructs", Page 327
      Publication:
      Publisher:Addison Wesley
      Edition:1st Edition
      URL:
      URL Date:
      Day:N/A
      Month:N/A
      Year:2006
      Reference ID: REF-962
      Title: Automated Source Code Security Measure (ASCSM)
      Author: Object Management Group (OMG)
      Section: ASCSM-CWE-835
      Publication:
      Publisher:
      Edition:
      URL:http://www.omg.org/spec/ASCSM/1.0/
      URL Date:
      Day:N/A
      Month:01
      Year:2016
      Details not found