REvil Ransomware Operator Behind The Kaseya Supply Chain Hack Sentenced To 13 Years In Prison

May 2, 2024

Four Iranian Hackers Charged With Cyberattacks On American Firms

April 25, 2024

An Ex-Amazon Security Engineer Gets 3 Years In Jail For Hacking And Crypto Theft

April 18, 2024

Hacker Fakes His Own Death To Avoid Child Support Payments

April 11, 2024

ATM Skimming Ring Leader Sentenced To 75 Months In Prison

April 4, 2024

OWASP Top 10

OWASP Top 10: Broken Access Control Practical Overview

March 9, 2021

OWASP Top 10: Cryptographic Failures Practical Overview

February 8, 2021

OWASP Top 10: Injection Practical Overview

January 11, 2021

OWASP Top 10: Insecure Design Practical Overview

October 18, 2021

OWASP Top 10: Security Misconfiguration Practical Overview

March 22, 2021

OWASP Top 10: Vulnerable and Outdated Components Practical Overview

May 10, 2021

OWASP Top 10: Identification and Authentication Failures Practical Overview

January 25, 2021

OWASP Top 10: Software and Data Integrity Failures Practical Overview

October 18, 2021

OWASP Top 10: Security Logging and Monitoring Failures Practical Overview

May 24, 2021

OWASP Top 10: Server-Side Request Forgery Practical Overview

October 18, 2021

CWE Glossary

CWE is a trademark of the MITRE Corporation.

ImmuniWeb > CWE Knowledge Base > Infinite Loop [CWE-835]

Infinite loop [CWE-835]

Infinite loop weakness describes a case when a loop cannot reach an exit condition.

Infinite Loop [CWE-835]

Created: September 11, 2012
Latest Update: December 15, 2020

Table of Content

Description
Potential impact
Attack patterns
Affected software
Mitigations
References
Infinite Loop Vulnerabilities, Exploits and Examples

Want to have an in-depth understanding of all modern aspects of
Infinite loop [CWE-835]? Read carefully this article and bookmark it to get back later, we regularly update this page.

1. Description

This weakness describes a logic error within the application, which results in an endless loop. The weakness occurs where an application contains iteration or loop with exit conditions that cannot be reached.

The following example in C++ demonstrates the endless loop:

// Infinite loop [CWE-835] vulnerable code example
// (c) HTB Research
#include "StdAfx.h"
#include <stdio.h>
int main(int argc, char **argv[]) {
int i = 0;
while (i < 10){
if(i == 5){
printf("i equals 5\n");
}
else {
i++;
}
}
return 0;
}

The above example contains a logic error. If the condition "i==5" is true then the program outputs a string "i equals 5", otherwise it will increment "i" by 1. However, when "i" equals 5 it is true for any future iterations and this is where the infinite loop occurs.

2. Potential impact

An attacker can make the application consume all available CPU, memory resources or disk space, cause application hang or system crash.

3. Attack patterns

There are no attack patterns for this specific type of weakness.

4. Affected software

Any software that uses loops or iterations can contain logic errors that are subject to this weakness. There are no limitations based on programming language or platform.

5. Mitigations

There are no particular mitigations for the weakness. To reduce the possible impact, application should run with limited system resources, if possible. Avoid creating loops where number of iterations is based on user input, or introduce additional counters to exit such loops.

6. References

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') [cwe.mitre.org]
Infinite loop [wikipedia.org]

7. Latest HTB Security Advisories with CWE-835

HTB22835: Denial of Service Vulnerability in FlatnuX

Copyright Disclaimer: Any above-mentioned content can be copied and used for non-commercial purposes only if proper credit to ImmuniWeb is given.

↑ Back to Top

12.8k
42
48
54
22
More
37
37
49