The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
430 vulnerabilities with CWE-674
CVE-2024-8176
HIGH
Red Hat Enterprise Linux 10 - Denial of Service via Recursive Entity Expansion in libexpat
CVSS 7.5
CVE-2024-58102
MEDIUM
Datalust Seq <2024.3.13545 - Stack Consumption
CVSS 5.7
CVE-2024-57257
LOW
Das U-Boot <2025.01-rc1 - Buffer Overflow
CVSS 2.0
CVE-2024-57699
HIGH
Netplex Json-smart 2.5.0-2.5.1 - Denial of Service via Crafted JSON Input
CVSS 7.5
CVE-2024-54731
MEDIUM
CPDF < 2.8 - Denial of Service via Stack Consumption
CVSS 4.0
CVE-2024-49363
HIGH
Misskey <= 2024.10.1 - Unauthenticated Denial of Service via Proxy Loop Amplification
CVSS 7.4
CVE-2024-53090
MEDIUM
Linux Kernel < 6.11.9 - Uncontrolled Recursion in AFS Call Handling
CVSS 5.5
CVE-2024-47831
MEDIUM
Next.js 10.0.0-14.2.6 - Denial of Service via Image Optimization Feature
CVSS 5.9
CVE-2024-31228
MEDIUM
Redis 2.2.5-6.2.15 - Authenticated Denial of Service via Long String Match Pattern Recursion
CVSS 5.5
CVE-2024-7254
HIGH
Google Protobuf < 3.25.5 - Uncontrolled Recursion via Nested Groups
CVSS 7.5
CVE-2024-34158
HIGH
Go standard library <1.22.7, 1.23.0-1.23.1 - DoS via Nested Build Tags
CVSS 7.5
CVE-2024-44996
MEDIUM
Linux Kernel 6.4-6.6.47, 6.7-6.10.6 - Uncontrolled Recursion via vsock recvmsg
CVSS 5.5
CVE-2024-43414
HIGH
Apollo Router <1.52.1 and @apollo/query-planner 2.0.0-2.8.4 - Denial of Service via Query Plan Permutation Overflow
CVSS 7.5
CVE-2024-42369
MEDIUM
matrix-js-sdk < 34.3.1 - Denial of Service via Cyclic Room Structure
CVSS 4.1
CVE-2024-44073
HIGH
rust-bitcoin miniscript < 12.2.0 - Uncontrolled Recursion
CVSS 7.5
CVE-2024-7866
MEDIUM
Xpdf < 4.05 - Denial of Service via PDF Object Loop Recursion
CVSS 5.5
CVE-2024-37973
HIGH
Windows 10/11, Server 2012-2022 - Secure Boot Bypass via Recursion
CVSS 8.8
CVE-2024-5971
HIGH
Undertow 2.3.0.Alpha1-2.3.14.Final - Denial of Service via Chunked Response Handling
CVSS 7.5
CVE-2024-2965
MEDIUM
langchain < 0.2.5 - Denial of Service via SitemapLoader Recursion
CVSS 4.7
CVE-2024-35886
HIGH
Linux Kernel 2.6.13-4.19.311 - Uncontrolled Recursion in fib6_dump_done
CVSS 7.8
CVE-2024-32609
HIGH
HDF5 Library <1.14.3 - Memory Corruption
CVSS 7.5
CVE-2024-4568
LOW
Xpdf < 4.05 - Denial of Service via PDF Object Loop Recursion
CVSS 2.9
CVE-2024-4340
HIGH
sqlparse < 0.5.0 - Denial of Service via Recursive Parsing
CVSS 7.5
CVE-2024-3248
LOW
Xpdf < 4.05 - Denial of Service via PDF Attachment Object Loop
CVSS 2.9
CVE-2024-3247
LOW
Xpdf < 4.05 - Denial of Service via PDF Object Loop Recursion
CVSS 2.9