CWE-834: Excessive Iteration

low-risk

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

Abstraction: Class

Common Consequences

Scope: Availability; Impact: DoS: Resource Consumption (CPU)
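The weakness and its CPU-consumption impact in a small parser, shown as an added example that is not part of the original CWE entry. The message format (a 4-byte big-endian item count followed by one byte per item), the function names and the MAX_ITEMS cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ITEMS 1024u /* assumed policy cap for this example */

/* Constructed format: 4-byte big-endian item count, then one byte per item. */
static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Weak form: the loop bound is taken straight from the input. The reads are
 * memory-safe, yet a 4-byte message declaring 0xFFFFFFFF items still costs
 * about four billion iterations of CPU time. */
uint64_t sum_items_unbounded(const uint8_t *buf, size_t len) {
    if (len < 4) return 0;
    uint32_t count = read_be32(buf);
    uint64_t sum = 0;
    for (uint32_t i = 0; i < count; i++) {
        if ((size_t)i < len - 4) sum += buf[4 + (size_t)i];
    }
    return sum;
}

/* Hardened form: the iteration count is limited by a fixed cap and by the
 * bytes actually present. Returns 0 on success, -1 on rejection. */
int sum_items_bounded(const uint8_t *buf, size_t len, uint64_t *out) {
    if (len < 4) return -1;
    uint32_t count = read_be32(buf);
    if (count > MAX_ITEMS) return -1;       /* hard ceiling on iterations */
    if ((size_t)count > len - 4) return -1; /* count cannot exceed the data */
    uint64_t sum = 0;
    for (uint32_t i = 0; i < count; i++) sum += buf[4 + i];
    *out = sum;
    return 0;
}

int main(void) {
    const uint8_t ok[] = {0, 0, 0, 3, 1, 2, 3};          /* constructed sample */
    const uint8_t hostile[] = {0xFF, 0xFF, 0xFF, 0xFF};  /* constructed sample */
    uint64_t s = 0;
    int rc = sum_items_bounded(ok, sizeof ok, &s);
    printf("ok: rc=%d sum=%llu\n", rc, (unsigned long long)s);
    printf("hostile: rc=%d\n", sum_items_bounded(hostile, sizeof hostile, &s));
    return 0;
}
```
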

Detection Methods

Dynamic Analysis with Manual Results Interpretation

According to SOAR [REF-1479], the following detection techniques may be useful. Cost effective for partial coverage: Fuzz Tester; Framework-based Fuzzer; Forced Path Execution.

Manual Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful. Cost effective for partial coverage: Focused Manual Spotcheck (focused manual analysis of source); Manual Source Code Review (not inspections).

Automated Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful. Highly cost effective: Context-configured Source Code Weakness Analyzer.

Architecture or Design Review

According to SOAR [REF-1479], the following detection techniques may be useful. Highly cost effective: Inspection (IEEE 1028 standard), which can apply to requirements, design, source code, etc.

Real-World Examples (10)

CVE CVSS EPSS KEV
CVE-2020-14303 7.5 26.4%
CVE-2023-26513 7.5 3.0%
CVE-2021-3128 7.5 2.5%
CVE-2021-39923 7.5 2.2%
CVE-2019-3565 7.5 1.9%
CVE-2020-35573 7.5 1.7%
CVE-2024-8049 6.5 1.5%
CVE-2021-39924 7.5 1.3%
CVE-2018-14342 7.5 1.3%
CVE-2017-11409 7.5 1.2%
0 / 100 low-risk
Active Threat 0/50 · Minimal
Exploit Availability 0/50 · Minimal