CWE-674 453 個 CVE MITRE 定義 ↗

CWE-674:Uncontrolled Recursion

概覽

CWE-674(Uncontrolled Recursion)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-40007 2026-07-10 Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively…
CVE-2026-59927 2026-07-08 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, al…
CVE-2026-14803 2026-07-05 Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path (`_decode_value` dispatching to `_decode_array` and `_deco…
CVE-2026-38970 2026-07-02 pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseO…
CVE-2026-55594 2026-07-01 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack…
CVE-2026-56148 2026-07-01 Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive…
CVE-2026-49451 2026-06-30 The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until…
CVE-2026-57081 2026-06-30 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each …
CVE-2026-54888 2026-06-29 Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document{} struct and Comrak's internal AST usi…
CVE-2026-13757 2026-06-29 A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no re…
CVE-2026-53288 2026-06-26 In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of [data, end) segment may overflow into the next page of ini…
CVE-2026-47770 2026-06-25 jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denia…
CVE-2026-53267 2026-06-25 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report [1]. A rule…
CVE-2026-53202 2026-06-25 In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied data_size is cast t…
CVE-2026-54297 2026-06-24 Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query para…
CVE-2025-71382 2026-06-23 MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted E…
CVE-2026-48513 2026-06-22 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStep(ref r…
CVE-2026-48512 2026-06-22 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a dept…
CVE-2026-48506 2026-06-22 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth or…
CVE-2026-48502 2026-06-22 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension leng…

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2008-04-11
版本
Draft 9

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Related_Attack_Patterns
2011-03-29 CWE Content Team 1.12 updated Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2013-02-21 CWE Content Team 2.4 updated Relationships
2014-02-18 CWE Content Team 2.6 updated Related_Attack_Patterns
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Relationships
2019-01-03 CWE Content Team 3.2 updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns, Relationships, Type
2020-02-24 CWE Content Team 4.0 updated Related_Attack_Patterns, Relationships
2020-12-10 CWE Content Team 4.3 updated Demonstrative_Examples, Description, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction
2021-03-15 CWE Content Team 4.4 updated Potential_Mitigations
2022-10-13 CWE Content Team 4.9 updated Demonstrative_Examples
2023-01-31 CWE Content Team 4.10 updated Description, Relationships
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-02-29 CWE Content Team 4.14 updated Demonstrative_Examples
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities
2026-04-30 CWE Content Team 4.20 updated Potential_Mitigations
cvelogic Threat Intelligence