CWE · MITRE source
CWE-674Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (2)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
CP-7 | Alternate Processing Site | CP | Supports resumption at alternate site when uncontrolled recursion causes primary site failure or crash. |
SC-5 | Denial-of-service Protection | SC | Prevents uncontrolled recursion that exhausts stack or CPU resources. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2021-42697 | 6.0 | 7.5 | 0.7554 | 2021-11-02 |
CVE-2021-45105 | 5.4 | 5.9 | 0.7043 | 2021-12-18 |
CVE-2019-13288 | 2.8 | 5.5 | 0.2751 | 2019-07-04 |
CVE-2020-12100 | 2.7 | 7.5 | 0.1961 | 2020-08-12 |
CVE-2007-3409 | 2.6 | 7.5 | 0.1803 | 2007-06-26 |
CVE-2017-8539 | 2.3 | 5.5 | 0.1918 | 2017-05-26 |
CVE-2017-8542 | 2.3 | 5.5 | 0.1918 | 2017-05-26 |
CVE-2018-0739 | 2.2 | 6.5 | 0.1444 | 2018-03-27 |
CVE-2024-4340 | 2.2 | 7.5 | 0.1240 | 2024-04-30 |
CVE-2020-12243 | 2.1 | 7.5 | 0.1076 | 2020-04-28 |
CVE-2018-1000618 | 2.0 | 9.8 | 0.0044 | 2018-07-09 |
CVE-2020-10704 | 2.0 | 7.5 | 0.0889 | 2020-05-06 |
CVE-2021-41752 | 2.0 | 9.8 | 0.0039 | 2022-04-05 |
CVE-2023-51803 | 2.0 | 9.8 | 0.0005 | 2024-04-01 |
CVE-2007-1285 | 1.9 | 7.5 | 0.0682 | 2007-03-06 |
CVE-2024-25111 | 1.9 | 8.6 | 0.0313 | 2024-03-06 |
CVE-2019-9143 | 1.8 | 8.8 | 0.0045 | 2019-02-25 |
CVE-2019-9144 | 1.8 | 8.8 | 0.0121 | 2019-02-25 |
CVE-2019-9543 | 1.8 | 8.8 | 0.0064 | 2019-03-01 |
CVE-2019-9545 | 1.8 | 8.8 | 0.0026 | 2019-03-01 |
CVE-2019-14235 | 1.8 | 7.5 | 0.0451 | 2019-08-02 |
CVE-2022-41966 | 1.8 | 8.2 | 0.0253 | 2022-12-28 |
CVE-2023-50269 | 1.8 | 8.6 | 0.0115 | 2023-12-14 |
CVE-2024-20311 | 1.8 | 8.6 | 0.0082 | 2024-03-27 |
CVE-2024-37973 | 1.8 | 8.8 | 0.0101 | 2024-07-09 |