CWE-674β€”Uncontrolled Recursion

PUBLISHEDweakness record
released 2008-04-11 Β· last modified 2026-04-30

Metadata

CWE ID:
CWE-674
Abstraction:
Class
Structure:
Simple
Status:
Draft
Release Date:
2008-04-11
Latest Modification Date:
2026-04-30

Weakness Name

Uncontrolled Recursion

Description

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Common Consequences

Scope:
Availability
Impact:
DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Notes:
Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash.
Scope:
Confidentiality
Impact:
Read Application Data
Notes:
In some cases, an application's interpreter might kill a process or thread that appears to be consuming too much resources, such as with PHP's memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application's installation path.

Related Weaknesses