CWE-606 – Unchecked Input for Loop Condition

Read Time:21 Second

Description

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-1284
CWE-834

 

Consequences

Availability: DoS: Resource Consumption (CPU)

 

Potential Mitigations

Phase: Implementation

Description: 

Do not use user-controlled data for loop conditions.

Phase: Implementation

Description: 

Perform input validation.

CVE References