Weakness ID: 674 (Weakness Base) Status: Draft
The product does not properly control the amount of recursion that takes place, which consumes excessive
resources, such as allocated memory or the program stack.
Time of Introduction
Architecture and Design
Technical Impact: DoS: resource consumption
(CPU); DoS: resource consumption
Resources including CPU, memory, and stack memory could be rapidly
consumed or exhausted, eventually leading to an exit or crash.
Technical Impact: Read application
In some cases, an application's interpreter might kill a process or
thread that appears to be consuming too much resources, such as with
PHP's memory_limit setting. When the interpreter kills the
process/thread, it might report an error containing detailed information
such as the application's installation path.
CVE-2007-1285 Deeply nested arrays trigger stack
CVE-2007-3409 Self-referencing pointers create infinite loop and
resultant stack exhaustion.
Limit the number of recursive calls to a reasonable number.
Mapped Taxonomy Name Node ID Fit Mapped Node Name
OWASP Top Ten 2004 A9 CWE_More_Specific Denial of Service
Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Potential_Mitigations,
Time_of_Introduction 2008-09-08 CWE Content Team MITRE Internal updated Common_Consequences, Relationships,
Taxonomy_Mappings 2009-03-10 CWE Content Team MITRE Internal updated Related_Attack_Patterns 2011-03-29 CWE Content Team MITRE Internal updated Relationships 2011-06-01 CWE Content Team MITRE Internal updated Common_Consequences 2012-05-11 CWE Content Team MITRE Internal updated Relationships 2012-10-30 CWE Content Team MITRE Internal updated Potential_Mitigations 2013-02-21 CWE Content Team MITRE Internal updated Relationships 2014-02-18 CWE Content Team MITRE Internal updated Related_Attack_Patterns