Vulnerabilities > Loop with Unreachable Exit Condition ('Infinite Loop')

DATE CVE VULNERABILITY TITLE RISK
2023-12-29 CVE-2023-50570 Infinite Loop vulnerability in Seancfoley Ipaddress 5.1.0
An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop.
local
low complexity
seancfoley CWE-835
5.5
2023-12-27 CVE-2023-51075 Infinite Loop vulnerability in Hutool 5.8.23
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function.
network
low complexity
hutool CWE-835
7.5
2023-12-18 CVE-2023-50981 Infinite Loop vulnerability in Cryptopp Crypto++
ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.
network
low complexity
cryptopp CWE-835
7.5
2023-12-08 CVE-2023-6245 Infinite Loop vulnerability in Dfinity Candid
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type.
network
low complexity
dfinity CWE-835
7.5
2023-11-29 CVE-2023-40458 Infinite Loop vulnerability in Sierrawireless Aleos
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions.
network
low complexity
sierrawireless CWE-835
7.5
2023-11-07 CVE-2023-46737 Infinite Loop vulnerability in Sigstore Cosign
Cosign is a sigstore signing tool for OCI containers.
network
low complexity
sigstore CWE-835
5.3
2023-11-06 CVE-2023-5825 Infinite Loop vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1.
network
low complexity
gitlab CWE-835
6.5
2023-11-01 CVE-2023-1718 Infinite Loop vulnerability in Bitrix24 22.0.300
Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".
network
low complexity
bitrix24 CWE-835
7.5
2023-10-13 CVE-2023-44181 Infinite Loop vulnerability in Juniper Junos
An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k.
network
low complexity
juniper CWE-835
7.5
2023-10-12 CVE-2023-22325 Infinite Loop vulnerability in Softether VPN 4.419782/5.01.9674/5.02
A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02.
network
high complexity
softether CWE-835
5.9