Total Tests:

CWE Glossary

CWE is a trademark of the MITRE Corporation.

Stay in Touch

Get exclusive updates and invitations to our events and webinars:

Your data will stay confidential Private and Confidential

Infinite loop [CWE-835]

Infinite loop weakness describes a case when a loop cannot reach an exit condition.

Infinite Loop [CWE-835]

Created: September 11, 2012
Latest Update: December 15, 2020

Table of Content

  1. Description
  2. Potential impact
  3. Attack patterns
  4. Affected software
  5. Mitigations
  6. References
  7. Infinite Loop Vulnerabilities, Exploits and Examples

Want to have an in-depth understanding of all modern aspects of
Infinite loop [CWE-835]? Read carefully this article and bookmark it to get back later, we regularly update this page.

1. Description

This weakness describes a logic error within the application, which results in an endless loop. The weakness occurs where an application contains iteration or loop with exit conditions that cannot be reached.

The following example in C++ demonstrates the endless loop:

  1. // Infinite loop [CWE-835] vulnerable code example
  2. // (c) HTB Research
  3. #include "StdAfx.h"
  4. #include <stdio.h>
  5. int main(int argc, char **argv[]) {
  6.   int i = 0;
  7.   while (i < 10){
  8.     if(i == 5){
  9.       printf("i equals 5\n");
  10.     }
  11.     else {
  12.       i++;
  13.     }
  14.   }
  15.   return 0;
  16. }

The above example contains a logic error. If the condition "i==5" is true then the program outputs a string "i equals 5", otherwise it will increment "i" by 1. However, when "i" equals 5 it is true for any future iterations and this is where the infinite loop occurs.

2. Potential impact

An attacker can make the application consume all available CPU, memory resources or disk space, cause application hang or system crash.

How to Detect Infinite Loop Vulnerabilities
Website Security Test
  • GDPR & PCI DSS Test
  • Website CMS Security Test
  • CSP & HTTP Headers Check
  • WordPress & Drupal Scanning
Try For Free

3. Attack patterns

There are no attack patterns for this specific type of weakness.

4. Affected software

Any software that uses loops or iterations can contain logic errors that are subject to this weakness. There are no limitations based on programming language or platform.

5. Mitigations

There are no particular mitigations for the weakness. To reduce the possible impact, application should run with limited system resources, if possible. Avoid creating loops where number of iterations is based on user input, or introduce additional counters to exit such loops.

6. References

  1. CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') []
  2. Infinite loop []

7. Latest HTB Security Advisories with CWE-835

Copyright Disclaimer: Any above-mentioned content can be copied and used for non-commercial purposes only if proper credit to ImmuniWeb is given.

↑ Back to Top
Book a Call Ask a Question
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
Your data will stay private and confidential