Führe statische Analyse (SAST) auf der Codebasis aus und suche im Datenfluss nach dem unsicheren Muster.
CWE-835 Base Incomplete
Loop with Unreachable Exit Condition ('Infinite Loop')
An infinite loop occurs when a program's iteration logic contains an exit condition that can never be satisfied, causing the loop to run indefinitely and consume system resources.
Definition
What is CWE-835?
An infinite loop occurs when a program's iteration logic contains an exit condition that can never be satisfied, causing the loop to run indefinitely and consume system resources.
This vulnerability typically stems from flawed loop logic where the condition for termination is incorrectly defined. Common causes include using a loop counter that never updates, checking against a variable that doesn't change within the loop body, or creating circular dependencies where the exit state becomes mathematically impossible to reach. Developers might introduce these errors through simple typos, incorrect operator usage, or misunderstanding how loop variables interact with other parts of the code.
When an infinite loop executes, it can lead to denial of service by exhausting CPU cycles, memory, or other finite resources, potentially freezing the application or the entire system. To prevent this, always validate that loop control variables are properly modified inside the loop and that exit conditions are based on values that will eventually change. Using timeouts, circuit breakers, or defensive programming techniques like maximum iteration limits can provide safety nets for unexpected logic errors.
Auswirkungen in der Praxis
Real-world CVEs caused by CWE-835
-
Chain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835)
-
A Python machine communication platform did not account for receiving a malformed packet with a null size, causing the receiving function to never update the message buffer and be caught in an infinite loop.
-
Chain: off-by-one error (CWE-193) leads to infinite loop (CWE-835) using invalid hex-encoded characters.
-
Chain: self-referential values in recursive definitions lead to infinite loop.
-
NULL UDP packet is never cleared from a queue, leading to infinite loop.
-
Chain: web browser crashes due to infinite loop - "bad looping logic [that relies on] floating point math [CWE-1339] to exit the loop [CWE-835]"
-
Floating point conversion routine cycles back and forth between two different values.
-
Floating point conversion routine cycles back and forth between two different values.
Wie Angreifer es ausnutzen
Angreiferpfad Schritt für Schritt
- 1
In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.
- 2
However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code.
- 3
For this example, the method isReorderNeeded is part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.
- 4
However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop, as in the following code.
Verwundbares Codebeispiel
Vulnerable C
In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.
int processMessagesFromServer(char *hostaddr, int port) {
...
int servsock;
int connected;
struct sockaddr_in servaddr;
```
// create socket to connect to server*
servsock = socket( AF_INET, SOCK_STREAM, 0);
memset( &servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(port);
servaddr.sin_addr.s_addr = inet_addr(hostaddr);
do {
```
```
// establish connection to server*
connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));
*// if connected then read and process messages from server*
if (connected > -1) {
```
```
// read and process messages*
...}
*// keep trying to establish connection to the server*
} while (connected < 0);
*// close socket and return success or failure*
...} Sicheres Codebeispiel
Secure C
However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code.
int processMessagesFromServer(char *hostaddr, int port) {
...
```
// initialize number of attempts counter*
int count = 0;
do {
```
```
// establish connection to server*
connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));
*// increment counter*
count++;
*// if connected then read and process messages from server*
if (connected > -1) {
```
```
// read and process messages*
...}
*// keep trying to establish connection to the server*
*// up to a maximum number of attempts*
} while (connected < 0 && count < MAX_ATTEMPTS);
*// close socket and return success or failure*
...} What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Präventions-Checkliste
How to prevent CWE-835
- Architecture Use safe-by-default frameworks and APIs that prevent the unsafe pattern from being expressible.
- Implementation Validate input at trust boundaries; use allowlists, not denylists.
- Implementation Apply the principle of least privilege to credentials, file paths, and runtime permissions.
- Testing Cover this weakness in CI: SAST rules + targeted unit tests for the data flow.
- Operation Monitor logs for the runtime signals listed in the next section.
Erkennungssignale
How to detect CWE-835
Führe dynamische Application-Security-Tests gegen den Live-Endpoint aus.
Beobachte Runtime-Logs auf ungewöhnliche Exception-Traces, fehlerhafte Eingaben oder Versuche, Autorisierung zu umgehen.
Code Review: Markiere jeden neuen Code, der Eingaben von dieser Oberfläche ohne validierte Framework-Helper verarbeitet.
Plexicus erkennt CWE-835 automatisch und öffnet in unter 60 Sekunden einen Fix-PR.
Codex Remedium scannt jeden Commit, identifiziert genau diese Schwachstelle und liefert einen reviewer-ready Pull Request mit dem Patch. Keine Tickets. Keine Hand-offs.
Häufig gestellte Fragen Was ist CWE-835?
Wie gravierend ist CWE-835?
Welche Sprachen oder Plattformen sind von CWE-835 betroffen?
Wie kann ich CWE-835 verhindern?
Wie erkennt und behebt Plexicus CWE-835?
Wo erfahre ich mehr über CWE-835?
Frequently asked questions
Was ist CWE-835?
An infinite loop occurs when a program's iteration logic contains an exit condition that can never be satisfied, causing the loop to run indefinitely and consume system resources.
Wie gravierend ist CWE-835?
MITRE hat für diese Schwachstelle keine Exploit-Wahrscheinlichkeit veröffentlicht. Behandle sie als mittlere Auswirkung, bis dein Threat Model anderes belegt.
Welche Sprachen oder Plattformen sind von CWE-835 betroffen?
MITRE hat für diese CWE keine betroffenen Plattformen spezifiziert — sie kann in den meisten Anwendungs-Stacks auftreten.
Wie kann ich CWE-835 verhindern?
Use safe-by-default frameworks, validate untrusted input at trust boundaries, and apply the principle of least privilege. Cover the data-flow signature in CI with SAST.
Wie erkennt und behebt Plexicus CWE-835?
Die SAST-Engine von Plexicus erkennt die Datenfluss-Signatur von CWE-835 bei jedem Commit. Bei einem Treffer öffnet unser Codex-Remedium-Agent einen Fix-PR mit korrigiertem Code, Tests und einer einzeiligen Zusammenfassung für den Reviewer.
Wo erfahre ich mehr über CWE-835?
MITRE veröffentlicht die kanonische Definition unter https://cwe.mitre.org/data/definitions/835.html. Für ergänzende Hinweise kannst du auch die OWASP- und NIST-Dokumentation heranziehen.
Verwandte Schwachstellen
Weaknesses related to CWE-835
CWE-834 Parent
Excessive Iteration
This vulnerability occurs when a program runs a loop too many times because it lacks proper limits on its iterations.
CWE-1322 Sibling
Use of Blocking Code in Single-threaded, Non-blocking Context
This vulnerability occurs when an application designed to be single-threaded and non-blocking, for performance and scalability,…
CWE-674 Sibling
Uncontrolled Recursion
This vulnerability occurs when an application fails to limit how deeply a function can call itself. Without proper controls, this…
Bereit, wenn du es bist
Schluss mit dem Bezahlen pro Entwickler.
Schließ den Kreislauf.
Plexicus ist die KI-native ASPM, die scannt, filtert, fixt, pentestet und erklärt — autonom. Unbegrenzte Entwickler, unbegrenzte Repos, Fair-Use-KI-Aktionen. Echter kostenloser Tarif, €269/mo jährlich, wenn du bereit bist.