CWE-674: Uncontrolled Recursion
369 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-674 (page 3 of 8)
- CVE-2020-28242 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-11-06
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is…
- CVE-2020-29566 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-12-15
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel,…
- CVE-2020-36366 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36367 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36368 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36369 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36370 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36371 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36372 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36373 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36374 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36375 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-28
Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2020-36691 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-03-24
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
- CVE-2020-5591 | HIGH | CVSS 7.5 | EG 7.5 | 2020-06-05
XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or comp…
- CVE-2020-6071 | HIGH | CVSS 7.5 | EG 7.5 | 2020-03-24
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for re…
- CVE-2020-8285 | HIGH | CVSS 7.5 | EG 7.5 | 2020-12-14
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
- CVE-2020-9243 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-08-10
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. The system does not properly limit the depth of recursion, an attacker should trick the user installing and execute a malicious appli…
- CVE-2020-9861 | HIGH | CVSS 7.5 | EG 7.5 | 2020-11-02
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.
- CVE-2021-20255 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-03-09
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process …
- CVE-2021-21359 | MEDIUM | CVSS 5.9 | EG 5.9 | 2021-03-23
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to b…
- CVE-2021-22144 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-07-26
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries t…
- CVE-2021-22454 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-10-28
A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.
- CVE-2021-27432 | HIGH | CVSS 7.5 | EG 7.5 | 2021-05-20
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
- CVE-2021-27434 | HIGH | CVSS 7.5 | EG 7.5 | 2021-05-20
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a s…
- CVE-2021-28040 | HIGH | CVSS 7.5 | EG 7.5 | 2021-03-05
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can tri…
- CVE-2021-28210 | HIGH | CVSS 7.8 | EG 7.8 | 2021-06-11
An unlimited recursion in DxeCore in EDK II.
- CVE-2021-28903 | HIGH | CVSS 7.5 | EG 7.5 | 2021-05-20
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
- CVE-2021-29591 | HIGH | CVSS 7.3 | EG 7.3 | 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during ev…
- CVE-2021-29615 | LOW | CVSS 2.5 | EG 2.5 | 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.…
- CVE-2021-30470 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-26
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
- CVE-2021-30471 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-26
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
- CVE-2021-31525 | MEDIUM | CVSS 5.9 | EG 5.9 | 2021-05-27
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configuration…
- CVE-2021-3530 | HIGH | CVSS 7.5 | EG 7.5 | 2021-06-02
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
- CVE-2021-36154 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-09
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.
- CVE-2021-36395 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-06
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
- CVE-2021-36773 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-18
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption …
- CVE-2021-38566 | HIGH | CVSS 7.5 | EG 7.5 | 2021-08-11
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes.
- CVE-2021-38569 | HIGH | CVSS 7.5 | EG 7.5 | 2021-08-11
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.
- CVE-2021-39257 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-09-07
A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
- CVE-2021-39929 | HIGH | CVSS 7.5 | EG 7.5 | 2021-11-19
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
- CVE-2021-3997 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-08-23
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
- CVE-2021-41737 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-10
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route(3333333333333333333,2,1,2,3,1) : *;" leads to stack consumption.
- CVE-2021-41752 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-04-05
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.
- CVE-2021-42697 | HIGH | CVSS 7.5 | EG 7.5 | 2021-11-02
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comm…
- CVE-2021-42717 | HIGH | CVSS 7.5 | EG 7.5 | 2021-12-07
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 3…
- CVE-2021-43172 | HIGH | CVSS 7.5 | EG 7.5 | 2021-11-09
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuo…
- CVE-2021-43519 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-11-09
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
- CVE-2021-45105 | MEDIUM | CVSS 5.9 | EG 5.9 | 2021-12-18
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of…
- CVE-2021-45832 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-01-05
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
- CVE-2021-46195 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-01-14
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.