
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability list (212)

Summary of the 212 CVE vulnerabilities classified under the CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') weakness, with AI-generated Chinese analysis.

CWE-835 is a logic-flaw weakness: the program contains a loop whose exit condition can never be reached, so it runs indefinitely. Attackers typically exploit it for denial of service, triggering the infinite loop to exhaust server CPU or memory so that legitimate users can no longer reach the service. Developers should avoid this class of defect by ensuring that the loop variable is correctly updated on every iteration and by adding sensible bounds checks or timeout mechanisms, so that the loop is guaranteed to terminate.

MITRE CWE official description
CWE: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop'). English: The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Common consequences (1)
Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Amplification
An infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software's operation may slow down, or it may take a long time to respond.
Code examples (2)
In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.
```c
int processMessagesFromServer(char *hostaddr, int port) {
    ...
    int servsock;
    int connected;
    struct sockaddr_in servaddr;

    // create socket to connect to server
    servsock = socket(AF_INET, SOCK_STREAM, 0);
    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_port = htons(port);
    servaddr.sin_addr.s_addr = inet_addr(hostaddr);

    do {
        // establish connection to server
        connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));

        // if connected then read and process messages from server
        if (connected > -1) {
            // read and process messages
            ...
        }

        // keep trying to establish connection to the server
        // (no limit on attempts: if the server never accepts, this loop never exits)
    } while (connected < 0);

    // close socket and return success or failure
    ...
}
```
Bad · C
```c
int processMessagesFromServer(char *hostaddr, int port) {
    ...
    // initialize number of attempts counter
    int count = 0;

    do {
        // establish connection to server
        connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));

        // increment counter
        count++;

        // if connected then read and process messages from server
        if (connected > -1) {
            // read and process messages
            ...
        }

        // keep trying to establish connection to the server
        // up to a maximum number of attempts
    } while (connected < 0 && count < MAX_ATTEMPTS);

    // close socket and return success or failure
    ...
}
```
Good · C
For this example, the method isReorderNeeded is part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.
```java
public boolean isReorderNeeded(String bookISBN, int rateSold) {
    boolean isReorder = false;
    int minimumCount = 10;
    int days = 0;

    // get inventory count for book
    int inventoryCount = inventory.getInventoryCount(bookISBN);

    // find number of days until inventory count reaches minimum
    // (if rateSold is 0 or negative, inventoryCount never decreases and the loop never exits)
    while (inventoryCount > minimumCount) {
        inventoryCount = inventoryCount - rateSold;
        days++;
    }

    // if number of days within reorder timeframe
    // set reorder return boolean to true
    if (days > 0 && days < 5) {
        isReorder = true;
    }
    return isReorder;
}
```
Bad · Java
```java
public boolean isReorderNeeded(String bookISBN, int rateSold) {
    ...
    // validate rateSold variable
    if (rateSold < 1) {
        return isReorder;
    }
    ...
}
```
Good · Java
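The Java example above is a loop whose control variable stops advancing once rateSold is 0. The same shape appears in the file and packet parsers that dominate this page's CVE table (PDF, XML, metadata and dissector code): a length field read from the input that moves the parse cursor by zero. The following C is an added example, not code from this page or from MITRE; the record format, the 2-byte header, the record budget and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed example, not code from this page or from MITRE. A minimal
 * record walker of the kind found in file and packet parsers: each record is
 * [1-byte type][1-byte total_len][payload], where total_len counts the two
 * header bytes too. The format, the header size, the record budget and the
 * sample inputs are all assumptions made for illustration. */

#define HDR_LEN 2
#define MAX_RECORDS 4096   /* assumed upper bound; choose one for the real format */

enum walk_status { WALK_OK = 0, WALK_TRUNCATED, WALK_NO_PROGRESS, WALK_TOO_MANY };

/* Vulnerable form: the loop trusts total_len to move the cursor. A record
 * whose total_len is 0 leaves off unchanged, so the exit condition can never
 * be reached (the CWE-835 pattern). Kept only for comparison; never run it
 * on untrusted input. */
size_t walk_records_bad(const uint8_t *buf, size_t len)
{
    size_t off = 0, n = 0;
    while (off + HDR_LEN <= len) {
        off += buf[off + 1];   /* total_len == 0: no progress, loops forever */
        n++;
    }
    return n;
}

/* Hardened form: each iteration must advance the cursor by at least the
 * header it consumed, the whole record must fit the buffer, and a record
 * budget bounds the loop even if a later edit weakens the other checks.
 * On success *count receives the number of records walked. */
enum walk_status walk_records(const uint8_t *buf, size_t len, size_t *count)
{
    size_t off = 0, n = 0;
    while (off < len) {
        if (len - off < HDR_LEN) return WALK_TRUNCATED;    /* header must fit */
        size_t total_len = buf[off + 1];
        if (total_len < HDR_LEN) return WALK_NO_PROGRESS;  /* exit would be unreachable */
        if (total_len > len - off) return WALK_TRUNCATED;  /* payload must fit */
        off += total_len;                                  /* strictly increases now */
        if (++n > MAX_RECORDS) return WALK_TOO_MANY;       /* defence in depth */
    }
    *count = n;
    return WALK_OK;
}

/* Constructed inputs: two well-formed records, then one whose total_len is 0. */
const uint8_t SAMPLE_OK[]   = {0x01, 0x03, 0xAA, 0x02, 0x02};
const uint8_t SAMPLE_SPIN[] = {0x01, 0x00, 0xFF};
```

Feeding SAMPLE_SPIN to walk_records_bad would spin forever; walk_records returns WALK_NO_PROGRESS on the first record instead, which is the behaviour a fuzzer or a timeout-based detection would otherwise have to catch at runtime.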
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-42310 | Pillow PDF parsing trailer infinite loop vulnerability | Pillow | - | - | 2026-05-09
CVE-2026-41511 | OpenMcdf file-creation parsing infinite loop denial-of-service vulnerability | openmcdf | 6.2 | Medium | 2026-05-08
CVE-2026-5407 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6536 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6534 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6531 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6528 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6523 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6521 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6520 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6519 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6522 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-7375 | Wireshark infinite loop vulnerability | Wireshark | 5.5 | Medium | 2026-04-30
CVE-2026-6985 | Cesanta Mongoose security vulnerability | Mongoose | 5.3 | Medium | 2026-04-25
CVE-2026-33116 | Microsoft multiple products security vulnerability | .NET 10.0 | 7.5 | High | 2026-04-14
CVE-2026-34852 | Huawei HarmonyOS security vulnerability | HarmonyOS | 6.1 | Medium | 2026-04-13
CVE-2026-39934 | MediaWiki - GrowthExperiments Extension security vulnerability | Mediawiki - GrowthExperiments Extension | 5.9 (AI-estimated) | Medium (AI-estimated) | 2026-04-07
CVE-2026-33891 | Digital Bazaar Forge security vulnerability | forge | 7.5 | High | 2026-03-27
CVE-2026-33699 | pypdf security vulnerability | pypdf | 6.5 | - | 2026-03-26
CVE-2026-4598 | jsrsasign security vulnerability | jsrsasign | 7.5 | High | 2026-03-23
CVE-2026-33013 | Micronaut Framework security vulnerability | micronaut-core | 7.5 | - | 2026-03-20
CVE-2026-32889 | tinytag security vulnerability | tinytag | 6.5 | Medium | 2026-03-20
CVE-2026-32256 | music-metadata security vulnerability | music-metadata | 7.5 | High | 2026-03-18
CVE-2026-32777 | libexpat security vulnerability | libexpat | 4.0 | Medium | 2026-03-16
CVE-2026-4179 | Zephyr security vulnerability | Zephyr | 6.1 | Medium | 2026-03-14
CVE-2026-4111 | Red Hat Enterprise Linux 10 security vulnerability | Red Hat Enterprise Linux 10 | 7.5 | High | 2026-03-13
CVE-2026-31808 | file type security vulnerability | file-type | 5.3 | Medium | 2026-03-10
CVE-2026-20054 | Cisco Secure Firewall Threat Defense and Cisco IOS XE Software security vulnerability | Cisco Cyber Vision | 5.8 | Medium | 2026-03-04
CVE-2026-27628 | pypdf security vulnerability | pypdf | 6.5 | - | 2026-02-25
CVE-2026-26283 | ImageMagick security vulnerability | ImageMagick | 6.2 | Medium | 2026-02-24

CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop')) is a common weakness category; this platform has collected 212 CVE vulnerabilities associated with it.