Cyber Posture

CWE · MITRE source

CWE-834Excessive Iteration

Abstraction: Class · CVEs in our corpus: 105

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the product or its host system; it depends on the amount of resources consumed per iteration.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2020-143033.17.50.26362020-07-06
CVE-2017-125871.88.80.00082017-08-06
CVE-2023-265131.77.50.03042023-03-20
CVE-2017-114091.67.50.01192017-07-18
CVE-2018-143421.67.50.01342018-07-19
CVE-2019-35651.67.50.01952019-05-06
CVE-2020-355731.67.50.01712020-12-20
CVE-2021-31251.67.50.00942021-04-12
CVE-2021-31281.67.50.02482021-04-12
CVE-2021-355151.67.50.01192021-07-13
CVE-2021-399231.67.50.02252021-11-19
CVE-2021-399241.67.50.01342021-11-19
CVE-2017-111881.57.50.00122017-07-12
CVE-2018-73211.57.50.00432018-02-23
CVE-2018-73231.57.50.00542018-02-23
CVE-2018-92611.57.50.00722018-04-04
CVE-2018-118131.57.50.00282018-06-06
CVE-2019-35521.57.50.00382019-05-06
CVE-2019-35581.57.50.00732019-05-06
CVE-2019-35591.57.50.00532019-05-06
CVE-2019-35641.57.50.00532019-05-06
CVE-2021-232701.57.50.00332021-04-12
CVE-2021-392041.57.50.00412021-09-09
CVE-2021-41901.57.50.00122021-12-30
CVE-2021-40211.57.50.00442022-02-24