CVE-2026-33750: Sequence Expansion Zero Step Dos

Sequence expansion logic computes a step increment using `Math.abs` without enforcing a non-zero minimum. If the step evaluates to 0, this can lead to an infinite loop (Denial of Service). Enforce a minimum increment, e.g. with `Math.max(Math.abs(step), 1)`.

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0javascript

greprules fetch cve-2026-33750-sequence-expansion-zero-step-dos --engine opengrep

Description

Sequence expansion logic computes a step increment using `Math.abs` without enforcing a non-zero minimum. If the step evaluates to 0, this can lead to an infinite loop (Denial of Service). Enforce a minimum increment, e.g. with `Math.max(Math.abs(step), 1)`.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Trust signals: 111 downloads
0 direct111 via packs
· 0 stars · Trust score 61How trust works
Included packs: 2 packs

Community feedback

Sign in to report false positives, mark this rule useful, or suggest metadata improvements.

Mark useful Report false positive Suggest metadata