Community Edition
Total Tests:
This Week:
Today:

CWE Glossary

CWE is a trademark of the MITRE Corporation.

Stay in Touch

Weekly newsletter on AI, Application Security & Cybercrime


Your data will stay confidential Private and Confidential

Infinite loop [CWE-835]

Infinite loop weakness describes a case when a loop cannot reach an exit condition.

Infinite Loop [CWE-835]

Created: September 11, 2012
Latest Update: June 26, 2019

Table of Content

  1. Description
  2. Potential impact
  3. Attack patterns
  4. Affected software
  5. Mitigations
  6. References
  7. Infinite Loop Vulnerabilities, Exploits and Examples

1. Description

This weakness describes a logic error within the application, which results in an endless loop. The weakness occurs where an application contains iteration or loop with exit conditions that cannot be reached.

The following example in C++ demonstrates the endless loop:

  1. // Infinite loop [CWE-835] vulnerable code example
  2. // (c) HTB Research
  3. #include "StdAfx.h"
  4. #include <stdio.h>
  5. int main(int argc, char **argv[]) {
  6.   int i = 0;
  7.   while (i < 10){
  8.     if(i == 5){
  9.       printf("i equals 5\n");
  10.     }
  11.     else {
  12.       i++;
  13.     }
  14.   }
  15.   return 0;
  16. }

The above example contains a logic error. If the condition "i==5" is true then the program outputs a string "i equals 5", otherwise it will increment "i" by 1. However, when "i" equals 5 it is true for any future iterations and this is where the infinite loop occurs.

2. Potential impact

An attacker can make the application consume all available CPU, memory resources or disk space, cause application hang or system crash.

How to Detect Infinite Loop Vulnerabilities
Free Website Security Test
  • Non-intrusive GDPR Test
  • Non-intrusive PCI DSS Test
Try Free Test
ImmuniWeb® On-Demand
  • Complete GDPR Audit
  • Complete PCI DSS Audit
  • Remediation Guidelines
  • DevSecOps Integration
Learn More

3. Attack patterns

There are no attack patterns for this specific type of weakness.

4. Affected software

Any software that uses loops or iterations can contain logic errors that are subject to this weakness. There are no limitations based on programming language or platform.

5. Mitigations

There are no particular mitigations for the weakness. To reduce the possible impact, application should run with limited system resources, if possible. Avoid creating loops where number of iterations is based on user input, or introduce additional counters to exit such loops.

6. References

  1. CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') [cwe.mitre.org]
  2. Infinite loop [wikipedia.org]

7. Latest HTB Security Advisories with CWE-835


Copyright Disclaimer: Any above-mentioned content can be copied and used for non-commercial purposes only if proper credit to ImmuniWeb is given.

↑ Back to Top
Ask a Question