Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-835
Total 491 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-37768 1 Jpeg 1 Libjpeg 2022-08-19 N/A 7.5 HIGH
libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.
CVE-2022-2833 1 Blender 1 Blender 2022-08-18 N/A 7.5 HIGH
Endless Infinite loop in Blender-thumnailing due to logical bugs.
CVE-2022-35724 1 Apache 1 Avro 2022-08-15 N/A 7.5 HIGH
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
CVE-2022-34661 1 Siemens 1 Teamcenter 2022-08-12 N/A 7.5 HIGH
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.
CVE-2022-34862 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2022-08-10 N/A 7.5 HIGH
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2021-3908 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2022-08-09 5.0 MEDIUM 7.5 HIGH
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.
CVE-2021-1252 1 Clamav 1 Clamav 2022-08-05 7.8 HIGH 7.5 HIGH
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.
CVE-2017-9233 3 Debian, Libexpat Project, Python 3 Debian Linux, Libexpat, Python 2022-07-28 5.0 MEDIUM 7.5 HIGH
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
CVE-2019-20907 7 Canonical, Debian, Fedoraproject and 4 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2022-07-28 5.0 MEDIUM 7.5 HIGH
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
CVE-2022-34760 1 Schneider-electric 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more 2022-07-27 N/A 7.5 HIGH
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)
CVE-2021-31812 3 Apache, Fedoraproject, Oracle 7 Pdfbox, Fedora, Banking Corporate Lending Process Management and 4 more 2022-07-25 4.3 MEDIUM 5.5 MEDIUM
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2020-7595 7 Canonical, Debian, Fedoraproject and 4 more 32 Ubuntu Linux, Debian Linux, Fedora and 29 more 2022-07-25 5.0 MEDIUM 7.5 HIGH
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2022-0711 3 Debian, Haproxy, Redhat 5 Debian Linux, Haproxy, Enterprise Linux and 2 more 2022-07-21 5.0 MEDIUM 7.5 HIGH
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
CVE-2022-32058 1 Tp-link 4 Tl-wr741n, Tl-wr741n Firmware, Tl-wr742n and 1 more 2022-07-18 7.8 HIGH 7.5 HIGH
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2020-12655 1 Linux 1 Linux Kernel 2022-07-12 2.1 LOW 5.5 MEDIUM
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.
CVE-2022-29862 1 Opcfoundation 1 Ua .net Standard Stack 2022-06-27 5.0 MEDIUM 7.5 HIGH
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
CVE-2022-25851 1 Jpeg-js Project 1 Jpeg-js 2022-06-17 5.0 MEDIUM 7.5 HIGH
The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.
CVE-2019-5097 1 Embedthis 1 Goahead 2022-06-17 5.0 MEDIUM 7.5 HIGH
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.
CVE-2019-5091 1 Leadtools 1 Leadtools 2022-06-17 5.0 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.
CVE-2021-40592 1 Gpac 1 Gpac 2022-06-15 4.3 MEDIUM 5.5 MEDIUM
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.