CWE-674

Uncontrolled Recursion

Parent: CWE-834 - Excessive Iteration

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

430 vulnerabilities with CWE-674
CVE-2022-25313 MEDIUM
libexpat < 2.4.5 - Denial of Service via DTD Element Nesting
CVSS 6.5
CVE-2022-23591 HIGH
TensorFlow < 2.5.3 - Denial of Service via Recursive GraphDef Function
CVSS 7.5
CVE-2022-23889 MEDIUM
YzmCMS v6.3 - Uncontrolled Recursion via Comment Function
CVSS 5.3
CVE-2022-21708 MEDIUM
graphql-go < 1.3.0 - Denial of Service via Stack Overflow in Query Handling
CVSS 6.5
CVE-2021-41737 HIGH
Faust 2.23.1 - Denial of Service via Stack Consumption
CVSS 7.5
CVE-2021-47465 MEDIUM
Linux Kernel 5.2 - Stack Corruption via Emergency Stack Frame Handling
CVSS 5.5
CVE-2021-36395 HIGH
Moodle < 3.9.8 and 3.11.0-beta-3.11.1 - Denial of Service via Recursive URL Parsing
CVSS 7.5
CVE-2021-3997 MEDIUM
systemd 240-250.1 - Denial of Service via Uncontrolled Recursion in systemd-tmpfiles
CVSS 5.5
CVE-2021-41752 CRITICAL
Jerryscript <e1ce7dd - Buffer Overflow
CVSS 9.8
CVE-2021-46509 HIGH
Cesanta MJS <2.20.0 - Buffer Overflow
CVSS 7.8
CVE-2021-46507 MEDIUM
jsish v3.5.0 - Stack Overflow via Jsi_LogMsg
CVSS 5.5
CVE-2021-46505 MEDIUM
jsish v3.5.0 - Stack Overflow via Uncontrolled Recursion
CVSS 5.5
CVE-2021-46195 MEDIUM
GCC v12.0 - Denial of Service via Uncontrolled Recursion in libiberty/rust-demangle.c
CVSS 5.5
CVE-2021-45832 MEDIUM
HDF5 1.13.1-1 - Denial of Service via Stack-based Buffer Overflow in H5Eint.c
CVSS 5.5
CVE-2021-45105 MEDIUM
Apache Log4j 2.0-alpha1-2.16.0 - Denial of Service via Thread Context Map Self-Referential Lookup
CVSS 5.9
CVE-2021-42717 HIGH
OWASP ModSecurity 2.8.0-2.9.4 and 3.0.0-3.0.5 - Denial of Service via Excessively Nested JSON Objects
CVSS 7.5
CVE-2021-39929 HIGH
Wireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via Bluetooth DHT Dissector
CVSS 7.5
CVE-2021-43172 HIGH
NLnet Labs Routinator <0.10.2 - DoS
CVSS 7.5
CVE-2021-43519 MEDIUM
Lua 5.1.0-5.4.4 - Denial of Service via Stack Overflow in lua_resume
CVSS 5.5
CVE-2021-42697 HIGH
Akka HTTP 10.1.0-10.1.14 and 10.2.0-10.2.6 - Denial of Service via User-Agent Header with Nested Comments
CVSS 7.5
CVE-2021-39257 MEDIUM
NTFS-3G < 2021.8.22 - Buffer Overflow
CVSS 5.5
CVE-2021-38569 HIGH
Foxit Reader & PhantomPDF <10.1.4 - Memory Corruption
CVSS 7.5
CVE-2021-38566 HIGH
Foxit PDF Reader <11.0.1 - Memory Corruption
CVSS 7.5
CVE-2021-22144 MEDIUM
Elasticsearch < 6.8.17 - Denial of Service via Grok Parser Recursion
CVSS 6.5
CVE-2021-36773 HIGH
nMatrix < 4.4.9 - Denial of Service via Unbounded Recursion in Strict Blocking
CVSS 7.5