The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
430 vulnerabilities with CWE-674
CVE-2023-2990
HIGH
Globalscape EFT Server < 8.1.0.16 - Denial of Service via Recursive Deflate Stream
CVSS 7.5
CVE-2023-31893
HIGH
Telefónica Brasil Vivo Play Firmware 2023.04.04.01.06.15 - Denial of Service via DNS Recursion
CVSS 7.5
CVE-2023-2664
LOW
Xpdf < 4.04 - Denial of Service via PDF Object Loop Recursion
CVSS 2.9
CVE-2023-2663
LOW
Xpdf < 4.04 - Denial of Service via Page Label Tree Recursion
CVSS 2.9
CVE-2023-24472
HIGH
OpenImageIO v2.4.7.1 - Denial of Service via FitsOutput::close()
CVSS 7.5
CVE-2023-1436
MEDIUM
Jettison < 1.5.4 - Denial of Service via Infinite Recursion in JSONArray Construction
CVSS 5.9
CVE-2023-1370
HIGH
json-smart < 2.4.9 - Denial of Service via Uncontrolled Recursion in JSON Parsing
CVSS 7.5
CVE-2023-22617
HIGH
PowerDNS Recursor <4.8.1 - Info Disclosure
CVSS 7.5
CVE-2022-50407
MEDIUM
Linux Kernel 5.4-6.2 - Stack Overflow via Unbounded sscanf in QoS Configuration
CVSS 5.5
CVE-2022-50118
MEDIUM
Linux Kernel - Uncontrolled Recursion in PowerPC Performance Monitoring Unit
CVSS 5.5
CVE-2022-49782
MEDIUM
Linux Kernel - Missing SIGTRAP Check in perf_event_overflow
CVSS 5.5
CVE-2022-47374
HIGH
SIMATIC PC-Station Plus, SIMATIC S7-400 - Info Disclosure
CVSS 7.5
CVE-2022-48545
MEDIUM
xpdf 4.02 - Denial of Service via Catalog::findDestInTree Infinite Recursion
CVSS 5.5
CVE-2022-37034
MEDIUM
dotcms 5.2.0-22.06 - Denial of Service via TempResource Request-Thread Exhaustion
CVSS 5.3
CVE-2022-47662
MEDIUM
GPAC MP4Box <2.1 - Memory Corruption
CVSS 5.5
CVE-2022-41966
HIGH
XStream < 1.4.20 - Denial of Service via Recursive Hash Calculation
CVSS 8.2
CVE-2022-23516
HIGH
Loofah 2.2.0-2.19.0 - Denial of Service via Recursive CDATA Sanitization
CVSS 7.5
CVE-2022-23500
MEDIUM
TYPO3 <9.5.38, 10.4.33, 11.5.20, 12.1.1 - DoS
CVSS 5.9
CVE-2022-41881
MEDIUM
Netty <4.1.86.Final - Memory Corruption
CVSS 5.3
CVE-2022-46405
HIGH
Mastodon < 4.0.2 - Denial of Service via Uncontrolled Recursion of Bot Account Messages
CVSS 7.5
CVE-2022-42321
MEDIUM
Xen - Denial of Service via Xenstore Recursion Stack Exhaustion
CVSS 6.5
CVE-2022-27810
HIGH
Hermes < 0.12.0 - Uncontrolled Recursion via Malicious JavaScript
CVSS 7.5
CVE-2022-31628
LOW
PHP <7.4.31, 8.0.24, 8.1.11 - Use After Free
CVSS 2.3
CVE-2022-28201
MEDIUM
MediaWiki <1.35.6-1.37.2 - Info Disclosure
CVSS 4.4
CVE-2022-40150
MEDIUM
jettison < 1.4.0 - Denial of Service via Uncontrolled Recursion
CVSS 6.5