Description
The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the product or its host system; it depends on the amount of resources consumed per iteration.
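The two controls that close this weakness are a progress check (every iteration must consume input) and explicit budgets on iteration count and recursion depth. The following C parser is an added example written for this page, not code from the CWE entry; it walks a constructed nested record format in which each record's length byte counts its own two-byte header, the same layout TCP options use. With that layout, a naive `pos += length` loop spins forever on a length of 0, and nested containers recurse as deep as the input dictates. The format, the constants TLV_MAX_RECORDS and TLV_MAX_DEPTH, the function names and the sample inputs are all assumptions made for the illustration.

```c
/* Added example for CWE-834 (not from the CWE entry). Constructed TLV layout:
 *   byte 0: type (0x01 data, 0x02 container of nested records)
 *   byte 1: total record length INCLUDING these two header bytes
 *   byte 2..: payload. A length of 0 or 1 would leave the cursor in place,
 *   turning a "for each record" loop into an infinite one. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_TYPE_DATA      0x01
#define TLV_TYPE_CONTAINER 0x02
#define TLV_MAX_RECORDS    64   /* record budget across all nesting levels */
#define TLV_MAX_DEPTH      4    /* container nesting (recursion depth) budget */

enum tlv_status {
    TLV_OK              =  0,
    TLV_ERR_TRUNCATED   = -1,   /* header or payload runs past the buffer */
    TLV_ERR_NO_PROGRESS = -2,   /* length < 2: the loop would not advance */
    TLV_ERR_TOO_MANY    = -3,   /* record budget exhausted */
    TLV_ERR_TOO_DEEP    = -4    /* nesting budget exhausted */
};

struct tlv_stats {
    unsigned records;     /* records visited at every nesting level */
    unsigned data_bytes;  /* payload bytes of data records */
    unsigned max_depth;   /* deepest container level reached */
};

static int tlv_walk(const uint8_t *buf, size_t len, unsigned depth,
                    struct tlv_stats *st)
{
    size_t pos = 0;

    if (depth > TLV_MAX_DEPTH)               /* recursion guard */
        return TLV_ERR_TOO_DEEP;
    if (depth > st->max_depth) st->max_depth = depth;

    while (pos < len) {
        if (st->records >= TLV_MAX_RECORDS)  /* one budget for all levels */
            return TLV_ERR_TOO_MANY;
        if (len - pos < 2)
            return TLV_ERR_TRUNCATED;
        uint8_t type    = buf[pos];
        size_t  rec_len = buf[pos + 1];
        if (rec_len < 2)                     /* progress check */
            return TLV_ERR_NO_PROGRESS;
        if (rec_len > len - pos)
            return TLV_ERR_TRUNCATED;

        st->records++;
        if (type == TLV_TYPE_CONTAINER) {
            int rc = tlv_walk(buf + pos + 2, rec_len - 2, depth + 1, st);
            if (rc != TLV_OK) return rc;
        } else {
            st->data_bytes += (unsigned)(rec_len - 2);
        }
        pos += rec_len;                      /* always >= 2: the loop advances */
    }
    return TLV_OK;
}

/* Entry point: zeroes the stats and walks the top level at depth 0. */
int tlv_parse(const uint8_t *buf, size_t len, struct tlv_stats *st)
{
    memset(st, 0, sizeof *st);
    return tlv_walk(buf, len, 0, st);
}

/* Constructed sample inputs, not captured from any real system. */
static const uint8_t TLV_GOOD[] = {    /* data "abc", then container{ data "xyz" } */
    0x01, 0x05, 'a', 'b', 'c',  0x02, 0x07, 0x01, 0x05, 'x', 'y', 'z' };
static const uint8_t TLV_ZERO_LEN[] = { 0x01, 0x00, 'A', 'B' };   /* length 0 */
static const uint8_t TLV_DEEP[]     = {                           /* 6 nested containers */
    0x02, 12, 0x02, 10, 0x02, 8, 0x02, 6, 0x02, 4, 0x02, 2 };

/* 65 minimal records: one more than TLV_MAX_RECORDS allows. */
int tlv_flood_status(void)
{
    uint8_t buf[2 * (TLV_MAX_RECORDS + 1)];
    struct tlv_stats st;
    for (size_t i = 0; i < sizeof buf; i += 2) {
        buf[i] = TLV_TYPE_DATA;
        buf[i + 1] = 2;
    }
    return tlv_parse(buf, sizeof buf, &st);
}

int main(void)
{
    struct tlv_stats st;
    int rc = tlv_parse(TLV_GOOD, sizeof TLV_GOOD, &st);
    printf("good: rc=%d records=%u data_bytes=%u max_depth=%u\n",
           rc, st.records, st.data_bytes, st.max_depth);
    printf("zero-length: %d  flood: %d  deep: %d\n",
           tlv_parse(TLV_ZERO_LEN, sizeof TLV_ZERO_LEN, &st),
           tlv_flood_status(), tlv_parse(TLV_DEEP, sizeof TLV_DEEP, &st));
    return 0;
}
```

Two design choices matter here. The record budget lives in the shared stats structure rather than in a per-call counter, so nesting cannot multiply a per-level cap into depth times the limit. And the progress check is separate from the truncation check: a zero-length record is not malformed in the sense of running past the buffer, it is malformed because the loop would never move, and it deserves its own error so that logs distinguish the two.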
Potential Impact
Availability
DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Amplification, DoS: Crash, Exit, or Restart
Demonstrative Examples
Example 1 (C). The recursive function below never changes the value of flg that controls the recursion, so the call chain never terminates and continues until the stack is exhausted:

```c
void do_something_recursive (int flg)
{
    ... // Do some real work here, but the value of flg is unmodified
    if (flg) { do_something_recursive (flg); } // flg is never modified so it is always TRUE - this call will continue until the stack explodes
}

int flag = 1; // Set to TRUE
do_something_recursive (flag);
```

In the corrected version the function clears flg once its work is done, so the recursion has a reachable exit condition:

```c
void do_something_recursive (int flg)
{
    ... // Do some real work here
    // Modify value of flg on done condition
    if (flg) { do_something_recursive (flg); } // returns when flg changes to 0
}

int flag = 1; // Set to TRUE
do_something_recursive (flag);
```

Example 2 (Java). The method isReorderNeeded() estimates how many days remain until a book's inventory falls to the minimum by repeatedly subtracting the daily sales rate. The loop's trip count is controlled by rateSold, which is never validated: if rateSold is zero or negative, inventoryCount never decreases and the while loop never terminates.

```java
public boolean isReorderNeeded(String bookISBN, int rateSold) {
    boolean isReorder = false;
    int minimumCount = 10;
    int days = 0;

    // get inventory count for book
    int inventoryCount = inventory.getInventoryCount(bookISBN);

    // find number of days until inventory count reaches minimum
    while (inventoryCount > minimumCount) {
        inventoryCount = inventoryCount - rateSold;
        days++;
    }

    // if number of days within reorder timeframe
    // set reorder return boolean to true
    if (days > 0 && days < 5) {isReorder = true;}
    return isReorder;
}
```

The corrected version rejects a rate that cannot drive the loop to completion before the loop is entered:

```java
public boolean isReorderNeeded(String bookISBN, int rateSold) {
    ...
    // validate rateSold variable
    if (rateSold < 1) {return isReorder;}
    ...
}
```

Detection Methods
According to SOAR [REF-1479], detection techniques in the following categories may be useful (SOAR effectiveness rating in parentheses):
- Dynamic Analysis with Manual Results Interpretation (Partial)
- Manual Static Analysis - Source Code (Partial)
- Automated Static Analysis - Source Code (High)
- Architecture or Design Review (High)
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2011-1027 | Chain: off-by-one error (CWE-193) leads to infinite loop (CWE-835) using invalid hex-encoded characters. |
| CVE-2006-6499 | Chain: web browser crashes due to infinite loop - "bad looping logic [that relies on] floating point math [CWE-1339] to exit the loop [CWE-835]" |
Related Weaknesses
Frequently Asked Questions
What is CWE-834?
CWE-834 (Excessive Iteration) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Class-level weakness. The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
How can CWE-834 be exploited?
An attacker who can influence how many times a loop or recursion runs, for example by supplying a count, a length field, or a step value such as the rateSold parameter above, can exploit CWE-834 (Excessive Iteration) to cause a denial of service: CPU or memory resource consumption, amplification (a small input driving a large amount of work), or a crash, exit, or restart, such as stack exhaustion from unbounded recursion. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-834?
Bound every loop or recursion whose trip count depends on external input: validate the values that control iteration (reject zero, negative, or out-of-range counts and step values, as the rateSold check above does), require that each iteration makes progress, enforce explicit limits on iteration count and recursion depth, and apply timeouts or resource quotas where a bound cannot be fixed statically. Conduct code reviews and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-834?
CWE-834 is classified as a Class-level weakness, meaning it is described abstractly, independent of any particular language or technology; the more specific CWE-835 (Loop with Unreachable Exit Condition, "Infinite Loop") is a child of it. Severity depends on how much work each iteration performs and whether the loop can be made unbounded; the two real-world CVEs listed above show both an infinite loop and a browser crash resulting from this weakness.