CWE-606

Unchecked Input for Loop Condition

Base
Draft

Description

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.

Related Weaknesses

Common Consequences

Scope: Availability

Impact: DoS: Resource Consumption (CPU)

Potential Mitigations

Implementation: Do not use user-controlled data for loop conditions.

Implementation: Perform input validation.
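
The weakness and the input-validation mitigation side by side, as an added example that is not part of the CWE entry. The function names, the mix() stand-in for per-iteration work and the MAX_ROUNDS limit are hypothetical; the weak variant trusts a caller-supplied round count, and strtoul() silently wraps "-1" to ULONG_MAX.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ROUNDS 10000UL /* assumed application limit, not from the CWE entry */

/* Cheap mixing step standing in for real per-iteration work. */
static uint32_t mix(uint32_t h) { h ^= h << 13; h ^= h >> 17; h ^= h << 5; return h; }

/* Weak: the caller-supplied string alone decides the loop bound.
 * strtoul() accepts "-1" and wraps it to ULONG_MAX, so a two-byte input
 * can request an effectively unbounded loop. *iters reports work done. */
uint32_t stretch_unchecked(uint32_t seed, const char *rounds_str, unsigned long *iters)
{
    unsigned long rounds = strtoul(rounds_str, NULL, 10);
    uint32_t h = seed;
    *iters = 0;
    for (unsigned long i = 0; i < rounds; i++) { h = mix(h); (*iters)++; }
    return h;
}

/* Hardened: parse strictly, then range-check the bound before the loop.
 * Returns 0 on success, -1 if the input is rejected (no looping happens). */
int stretch_checked(uint32_t seed, const char *rounds_str, uint32_t *out, unsigned long *iters)
{
    char *end = NULL;
    *iters = 0;
    if (rounds_str == NULL || rounds_str[0] < '0' || rounds_str[0] > '9')
        return -1;                        /* rejects "", "-1", "+5", " 7" */
    errno = 0;
    unsigned long rounds = strtoul(rounds_str, &end, 10);
    if (errno == ERANGE || *end != '\0')  /* overflow or trailing junk */
        return -1;
    if (rounds == 0 || rounds > MAX_ROUNDS)
        return -1;                        /* outside the allowed work range */
    uint32_t h = seed;
    for (unsigned long i = 0; i < rounds; i++) { h = mix(h); (*iters)++; }
    *out = h;
    return 0;
}

int main(void)
{
    unsigned long n = 0; uint32_t out = 0;
    stretch_unchecked(1u, "300000", &n);  /* constructed input */
    printf("unchecked: %lu iterations\n", n);
    printf("checked \"-1\": rc=%d\n", stretch_checked(1u, "-1", &out, &n));
    return 0;
}
```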

CVE-2025-32399

Chain: library for implementing Profinet devices does not check an input for a loop condition (CWE-606), allowing an infinite loop (CWE-835) via a crafted RPC packet

Applicable Platforms

Not Language-Specific
