The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
View on MITREAn infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software's operation may slow down, or cause a long time to respond.
No mitigation information available for this CWE.
No detection method information available for this CWE.
In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.
However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code.
In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.
However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code.
For this example, the method isReorderNeeded is part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.
However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop, as in the following code.
For this example, the method isReorderNeeded is part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.
However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop, as in the following code.
Chain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835)
View DetailsA Python machine communication platform did not account for receiving a malformed packet with a null size, causing the receiving function to never update the message buffer and be caught in an infinite loop.
View DetailsChain: off-by-one error (CWE-193) leads to infinite loop (CWE-835) using invalid hex-encoded characters.
View DetailsChain: self-referential values in recursive definitions lead to infinite loop.
View DetailsChain: web browser crashes due to infinite loop - "bad looping logic [that relies on] floating point math [CWE-1339] to exit the loop [CWE-835]"
View DetailsFloating point conversion routine cycles back and forth between two different values.
View DetailsFloating point conversion routine cycles back and forth between two different values.
View DetailsChain: improperly clearing a pointer in a linked list leads to infinite loop.
View DetailsChain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.
View DetailsChain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.
View DetailsNo relationship information available for this CWE.
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
If exploited, CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop')) it can compromise Availability, leading to outcomes such as DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory) and DoS: Amplification.
CWE-835 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-835, including CVE-2022-22224, CVE-2022-25304, CVE-2011-1027, CVE-2011-1142 and CVE-2011-1002. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-835 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.