CWE-674 (Uncontrolled Recursion) describes a weakness type used in various vulnerability databases and assessments. See the sections below for the definition, background, and associated CVEs.
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
| Type | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and are retained for tracking and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-48734 | 2026-06-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a mi… |
| CVE-2026-46557 | 2026-06-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by… |
| CVE-2026-46689 | 2026-06-10 | Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 K… |
| CVE-2026-45664 | 2026-06-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possibl… |
| CVE-2026-9740 | 2026-06-09 | A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain ne… |
| CVE-2026-46373 | 2026-06-09 | SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be li… |
| CVE-2026-49847 | 2026-06-09 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version … |
| CVE-2026-49941 | 2026-06-04 | Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges… |
| CVE-2026-47706 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detectio… |
| CVE-2026-47320 | 2026-06-04 | Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: befor… |
| CVE-2026-47306 | 2026-06-04 | Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945. |
| CVE-2026-8936 | 2026-06-02 | Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event.… |
| CVE-2026-40989 | 2026-06-01 | Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function… |
| CVE-2026-44740 | 2026-06-01 | Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loop… |
| CVE-2026-46217 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. (… |
| CVE-2026-46149 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() target_tg_pt_gp_members_show() formats LUN paths with s… |
| CVE-2026-42328 | 2026-05-27 | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on I… |
| CVE-2026-6936 | 2026-05-27 | IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit thi… |
| CVE-2026-44844 | 2026-05-26 | eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurses… |
| CVE-2026-7453 | 2026-05-26 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition. |

| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Potential_Mitigations, Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Related_Attack_Patterns |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Relationships |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2013-02-21 | CWE Content Team | 2.4 | — | updated Relationships |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Related_Attack_Patterns |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Relationships |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Related_Attack_Patterns, Relationships, Type |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Related_Attack_Patterns, Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Demonstrative_Examples, Description, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Potential_Mitigations |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Demonstrative_Examples |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description, Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Demonstrative_Examples |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Potential_Mitigations |