
CWE-674: Uncontrolled Recursion

Status: Draft
Weakness ID: 674 (Weakness Base)
+ Description
Summary

The product does not properly control the amount of recursion that takes place, which consumes excessive resources, such as allocated memory or the program stack.

+ Alternate Terms
Stack Exhaustion
+ Time of Introduction
* Architecture and Design
* Implementation
+ Applicable Platforms
Languages
All
+ Common Consequences
Availability

Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash.

Confidentiality

In some cases, an application's interpreter might kill a process or thread that appears to be consuming too many resources, such as with PHP's memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application's installation path.

+ Observed Examples
Reference | Description
 | Deeply nested arrays trigger stack exhaustion.
 | Self-referencing pointers create infinite loop and resultant stack exhaustion.
+ Potential Mitigations

Limit the number of recursive calls to a reasonable number.
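
One way to apply this mitigation to the "deeply nested arrays" case listed under Observed Examples. This is an added example, not part of the CWE entry; the bracket format, the names parse_array, NestingTooDeep and MAX_DEPTH, and the limit of 64 are assumptions made for illustration.

```python
MAX_DEPTH = 64  # assumed limit; set it to the deepest legitimate input

class NestingTooDeep(ValueError):
    """Raised when input nests deeper than the configured limit."""

def parse_array(text, max_depth=MAX_DEPTH):
    """Parse '[1,[2,3]]'-style text into nested lists of ints."""
    value, pos = _parse_value(text, 0, 0, max_depth)
    if pos != len(text):
        raise ValueError(f"trailing data at offset {pos}")
    return value

def _parse_value(text, pos, depth, max_depth):
    if pos < len(text) and text[pos] == "[":
        # Check the limit before descending, so stack use is bounded by
        # max_depth no matter how long the hostile input is.
        if depth >= max_depth:
            raise NestingTooDeep(f"nesting exceeds {max_depth} levels")
        return _parse_list(text, pos + 1, depth + 1, max_depth)
    end = pos
    while end < len(text) and text[end].isdigit():
        end += 1
    if end == pos:
        raise ValueError(f"expected integer or '[' at offset {pos}")
    return int(text[pos:end]), end

def _parse_list(text, pos, depth, max_depth):
    items = []
    if pos < len(text) and text[pos] == "]":
        return items, pos + 1
    while True:
        # Mutual recursion: each nested '[' re-enters _parse_value.
        item, pos = _parse_value(text, pos, depth, max_depth)
        items.append(item)
        if pos < len(text) and text[pos] == ",":
            pos += 1
        elif pos < len(text) and text[pos] == "]":
            return items, pos + 1
        else:
            raise ValueError(f"expected ',' or ']' at offset {pos}")

if __name__ == "__main__":
    print(parse_array("[1,[2,3],[]]"))        # constructed sample input
    hostile = "[" * 100_000 + "]" * 100_000   # constructed hostile input
    try:
        parse_array(hostile)
    except NestingTooDeep as exc:
        print("rejected:", exc)
```

The caller receives a catchable error instead of a crashed process, so the error message returned to the client stays under the application's control.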

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 691 | Insufficient Control Flow Management | Research Concepts (primary) 1000
ChildOf | Category | 361 | Time and State | Development Concepts (primary) 699
ChildOf | Category | 730 | OWASP Top Ten 2004 Category A9 - Denial of Service | Weaknesses in OWASP Top Ten (2004) (primary) 711
+ Affected Resources
* CPU
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
OWASP Top Ten 2004 | A9 | CWE More Specific | Denial of Service
+ Content History
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated Potential_Mitigations, Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Common_Consequences, Relationships, Taxonomy_Mappings
CWE Content Team. MITRE. 2009-03-10. (Internal)
updated Related_Attack_Patterns
Page Last Updated: May 26, 2009