Uncontrolled Recursion
ID: 674 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The product does not properly control the amount of recursion
that takes place, which consumes excessive resources, such as allocated memory
or the program stack.
Applicable Platforms
Language Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Related Attack Patterns
Common Consequences
Scope | Technical Impact | Notes |
---|
Availability | DoS: resource consumption (CPU); DoS: resource consumption (memory) | Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash. |
Confidentiality | Read application data | In some cases, an application's interpreter might kill a process or thread that appears to be consuming too many resources, such as with PHP's memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application's installation path. |
Detection Methods
None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
Implementation | | Limit the number of recursive calls to a reasonable number. | | |
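
One way to apply the limit described in this mitigation, as an added example that is not part of the original entry: a recursive walk over nested containers that caps call depth and, going slightly beyond the mitigation text, also rejects self-referencing structures. `MAX_DEPTH`, `NestingError`, `count_leaves`, `nested` and `try_count` are hypothetical names, and the limit of 64 is an assumed value.

```python
# Added example: depth-bounded, cycle-aware recursion over nested containers.
# All names here are hypothetical and the depth budget is an assumption.

MAX_DEPTH = 64  # assumed budget; choose one that fits the real data model


class NestingError(ValueError):
    """Input is nested too deeply or refers back to itself."""


def count_leaves(node, max_depth=MAX_DEPTH, _depth=0, _path=None):
    """Count non-container values in nested lists, tuples and dicts.

    The depth check bounds the number of recursive calls. The _path set holds
    the ids of the containers on the current call chain, so a self-reference
    is rejected instead of being followed until the stack is exhausted.
    """
    if not isinstance(node, (list, tuple, dict)):
        return 1
    if _depth >= max_depth:
        raise NestingError(f"nesting deeper than {max_depth} levels")
    path = set() if _path is None else _path
    if id(node) in path:
        raise NestingError("self-referencing structure")
    path.add(id(node))
    try:
        children = node.values() if isinstance(node, dict) else node
        return sum(count_leaves(c, max_depth, _depth + 1, path) for c in children)
    finally:
        path.discard(id(node))  # shared, non-cyclic substructures stay legal


def nested(levels):
    """Constructed sample input: [1, 2, 3] wrapped in levels - 1 outer lists."""
    value = [1, 2, 3]
    for _ in range(levels - 1):  # built iteratively, so building cannot overflow
        value = [value]
    return value


def try_count(value):
    """Return the leaf count, or the rejection reason as a string."""
    try:
        return count_leaves(value)
    except NestingError as exc:
        return f"rejected: {exc}"
```

The check runs before the recursive call, so hostile input is rejected with a controlled error long before the interpreter's own stack or memory limit is reached.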
Relationships
Related CWE | Type | View | Chain |
---|
CWE-674 ChildOf CWE-892 | Category | CWE-888 | |
Demonstrative Examples
None
Observed Examples
- CVE-2007-1285: Deeply nested arrays trigger stack exhaustion.
- CVE-2007-3409: Self-referencing pointers create infinite loop and resultant stack exhaustion.
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|
OWASP Top Ten 2004 | A9 | Denial of Service | CWE_More_Specific |
References: None