VYPR

CWE-674

Uncontrolled Recursion

ClassDraft

Description

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-230 · CAPEC-231

CVEs mapped to this weakness (235)

page 5 of 12
  • CVE-2026-6811MedMay 14, 2026
    risk 0.38cvss 5.9epss 0.00

    Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

  • CVE-2026-0990MedJan 15, 2026
    risk 0.38cvss 5.9epss 0.01

    A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent…

  • CVE-2021-45105MedDec 18, 2021
    risk 0.37cvss 5.9epss 1.00

    Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is…

  • CVE-2025-7010MedJun 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on…

  • CVE-2025-7005MedJun 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows,…

  • CVE-2026-48734MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions…

  • CVE-2026-7453MedMay 26, 2026
    risk 0.36cvss 5.5epss 0.00

    A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.

  • CVE-2026-6862MedApr 22, 2026
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could…

  • CVE-2025-39795MedSep 12, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size value. However, by…

  • CVE-2025-38614MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some…

  • CVE-2019-11024MedApr 8, 2019
    risk 0.36cvss 5.5epss 0.01

    The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion.

  • CVE-2018-11254MedMay 18, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.

  • CVE-2018-9996MedApr 10, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and…

  • CVE-2018-9138MedMar 30, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.

  • CVE-2018-6544MedFeb 2, 2018
    risk 0.36cvss 5.5epss 0.02

    pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

  • CVE-2018-5772MedJan 18, 2018
    risk 0.36cvss 5.5epss 0.02

    In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.

  • CVE-2017-14861MedSep 29, 2017
    risk 0.36cvss 5.5epss 0.01

    There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.

  • CVE-2017-0692MedJul 6, 2017
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407.

  • CVE-2017-9617MedJun 14, 2017
    risk 0.36cvss 5.5epss 0.01

    In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.

  • CVE-2017-9616MedJun 14, 2017
    risk 0.36cvss 5.5epss 0.01

    In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.