Description: The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping.

Relationships:
- ChildOf Weakness 20 (views 1000, 699)
- ChildOf Category 738 (view 734)
- CanPrecede Weakness 834 (view 1000)
- ChildOf Category 872 (view 868)
- ChildOf Category 896 (view 888)

Time of Introduction: Implementation

Common Consequences:
- Scope: Availability. Impact: DoS: resource consumption (CPU)

Potential Mitigations:
- Implementation: Do not use user-controlled data for loop conditions.
- Implementation: Perform input validation.

Demonstrative Example (C):

    #include <stdio.h>

    void foo(void);  /* defined elsewhere */

    /* The loop bound n comes straight from the caller; no upper limit is enforced. */
    void iterate(int n){
        int i;
        for (i = 0; i < n; i++){
            foo();
        }
    }

    void iterateFoo()
    {
        unsigned int num;
        scanf("%u",&num);   /* untrusted value, used unchecked as the loop bound */
        iterate(num);
    }

References:
- Mark Dowd, John McDonald, Justin Schuh. The Art of Software Security Assessment. Chapter 7, "Looping Constructs", Page 327. 1st Edition. Addison Wesley. 2006.

Taxonomy Mappings:
- INT03-C: Use a secure integer library
- INT03-CPP: Use a secure integer library

Submission: Anonymous Tool Vendor (under NDA)

Content History:
- 2008-07-01, Eric Dalci, Cigital: updated Potential_Mitigations, Time_of_Introduction
- 2008-09-08, CWE Content Team, MITRE: updated Relationships, Taxonomy_Mappings, Type
- 2008-11-24, CWE Content Team, MITRE: updated Relationships, Taxonomy_Mappings
- 2009-05-27, CWE Content Team, MITRE: updated Demonstrative_Examples
- 2009-10-29, CWE Content Team, MITRE: updated Relationships
- 2011-03-29, CWE Content Team, MITRE: updated Demonstrative_Examples, Relationships
- 2011-06-01, CWE Content Team, MITRE: updated Common_Consequences
- 2011-09-13, CWE Content Team, MITRE: updated Relationships, Taxonomy_Mappings
- 2012-05-11, CWE Content Team, MITRE: updated References, Relationships
- 2012-10-30, CWE Content Team, MITRE: updated Potential_Mitigations
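The "Perform input validation" mitigation applied to the entry's iterate()/iterateFoo() example, as an added example that is not part of the original entry. The names parse_loop_count, iterate_bounded and iterate_from_line, the counting stub foo(), and the MAX_ITERATIONS limit of 1000 are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ITERATIONS 1000u   /* assumed policy limit, not from the entry */
static unsigned long foo_calls;            /* counts work done (stub state) */
static void foo(void) { foo_calls++; }     /* stand-in for the entry's foo() */

/* Parse a decimal loop count from untrusted text; 0 on success, -1 if rejected. */
int parse_loop_count(const char *text, unsigned int *out)
{
    char *end;
    if (text == NULL || *text < '0' || *text > '9')
        return -1;   /* empty input, leading space, or a sign ("-1" would wrap) */
    errno = 0;
    unsigned long v = strtoul(text, &end, 10);
    if (errno == ERANGE || (*end != '\0' && *end != '\n'))
        return -1;   /* overflow or trailing junk */
    if (v > MAX_ITERATIONS)
        return -1;   /* more iterations than policy allows */
    *out = (unsigned int)v;
    return 0;
}

/* Unsigned parameter (no int conversion) and a clamp as a second line of defence. */
unsigned long iterate_bounded(unsigned int n)
{
    unsigned long before = foo_calls;
    if (n > MAX_ITERATIONS) n = MAX_ITERATIONS;
    for (unsigned int i = 0; i < n; i++)
        foo();
    return foo_calls - before;
}

/* Returns the number of iterations performed, or -1 if the line was rejected. */
long iterate_from_line(const char *line)
{
    unsigned int n;
    if (parse_loop_count(line, &n) != 0)
        return -1;
    return (long)iterate_bounded(n);
}

int main(void)
{
    char line[32];
    if (fgets(line, sizeof line, stdin) == NULL) return 1;
    printf("%ld\n", iterate_from_line(line));
    return 0;
}
```

Rejecting out-of-range input instead of silently clamping it lets the caller log or alert on attempts to request excessive work.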