CWE-674 Uncontrolled Recursion: vulnerability list (146)

A summary of the 146 CVE vulnerabilities associated with the CWE-674 Uncontrolled Recursion weakness class, with AI-generated Chinese analysis.

CWE-674 belongs to the improper resource management class of weaknesses: the program does not effectively limit recursion depth, so memory or stack space is consumed without bound. Attackers typically craft deeply nested input or malicious requests that trigger unbounded or excessively deep recursive calls, exhausting system resources and causing a denial of service. Developers should give every recursion an explicit termination condition or a maximum depth threshold, and replace deep recursion with iterative logic where possible, so that resource usage stays bounded.

MITRE CWE official description
CWE: CWE-674 Uncontrolled Recursion. Description: the product does not properly control the amount of recursion that takes place, which consumes excessive resources such as allocated memory or the program stack.
Common consequences (2)
Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash.
Confidentiality: Read Application Data
In some cases, an application's interpreter might kill a process or thread that appears to be consuming too many resources, such as with PHP's memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application's insta…
Mitigations (2)
Implementation: Ensure that an end condition will be reached under all logic conditions. The end condition may include checking against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.
Effectiveness: Moderate
Implementation: Increase the stack size.
Effectiveness: Limited
Code examples (1)
In this example the code contains a mistake: the exit condition that depends on flg is never reached. As a result the function calls itself over and over again until the stack is exhausted.
    void do_something_recursive (int flg)
    {
        // ... Do some real work here, but the value of flg is unmodified
        if (flg) {
            do_something_recursive (flg);   // flg is never modified so it is always TRUE - this call will continue until the stack explodes
        }
    }

    int flag = 1;   // Set to TRUE
    do_something_recursive (flag);
Bad · C

    void do_something_recursive (int flg)
    {
        // ... Do some real work here
        // Modify value of flg on done condition
        if (flg) {
            do_something_recursive (flg);   // returns when flg changes to 0
        }
    }

    int flag = 1;   // Set to TRUE
    do_something_recursive (flag);
Good · C
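The mitigation listed above (check the recursion depth and exit with an error when it goes too deep) applied to the kind of code that the CVEs on this page typically involve, a recursive parser fed nested input. This is an added example, not the MITRE sample and not code from any of the listed projects; the toy bracket grammar, the MAX_NESTING_DEPTH value and the function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>
/* Nesting limit (assumed value; a real parser sizes it from the process stack budget). */
#define MAX_NESTING_DEPTH 64

enum parse_status { PARSE_OK = 0, PARSE_SYNTAX_ERROR = 1, PARSE_TOO_DEEP = 2 };

/* Recursive-descent parser for the toy grammar value := 'x' | '[' [value (',' value)*] ']'.
 * Each nested list recurses one level deeper, so without the depth check an input like
 * "[[[[...x...]]]]" with enough brackets exhausts the program stack (CWE-674). */
static enum parse_status parse_value(const char *s, size_t *pos, int depth, int *deepest)
{
    if (depth > *deepest) *deepest = depth;
    if (s[*pos] == 'x') { (*pos)++; return PARSE_OK; }      /* atom */
    if (s[*pos] != '[') return PARSE_SYNTAX_ERROR;
    if (depth >= MAX_NESTING_DEPTH) return PARSE_TOO_DEEP;  /* mitigation: bounded depth */
    (*pos)++;                                               /* consume '[' */
    if (s[*pos] == ']') { (*pos)++; return PARSE_OK; }      /* empty list */
    for (;;) {
        enum parse_status st = parse_value(s, pos, depth + 1, deepest);
        if (st != PARSE_OK) return st;
        if (s[*pos] == ',') { (*pos)++; continue; }
        if (s[*pos] == ']') { (*pos)++; return PARSE_OK; }
        return PARSE_SYNTAX_ERROR;
    }
}

/* Parses a whole document; *deepest (may be NULL) receives the deepest level reached. */
enum parse_status parse_document(const char *s, int *deepest)
{
    size_t pos = 0; int seen = 0;
    enum parse_status st = parse_value(s, &pos, 0, &seen);
    if (deepest) *deepest = seen;
    if (st == PARSE_OK && s[pos] != '\0') st = PARSE_SYNTAX_ERROR; /* trailing input */
    return st;
}

/* Builds a constructed input of n lists nested around one atom (n=2 -> "[[x]]") and parses it. */
enum parse_status probe_nesting(int n, int *deepest)
{
    static char buf[4096];                                  /* constructed sample input */
    if (n < 0 || (size_t)n * 2 + 2 > sizeof buf) return PARSE_SYNTAX_ERROR;
    memset(buf, '[', (size_t)n);
    buf[n] = 'x';
    memset(buf + n + 1, ']', (size_t)n);
    buf[2 * n + 1] = '\0';
    return parse_document(buf, deepest);
}
```

With the limit in place, an input nested 65 levels deep is rejected with PARSE_TOO_DEEP before the 65th recursive call instead of being allowed to grow the stack without bound.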
| CVE ID | Title | Product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-41673 | xmldom XML serialization uncontrolled recursion denial-of-service vulnerability | xmldom | - | - | 2026-05-07 |
| CVE-2026-44028 | Nix/Lix <2.34.7 stack overflow leading to code execution | Nix | 7.5 | High | 2026-05-05 |
| CVE-2026-7164 | pf parsing of a malicious SCTP packet causes a stack overflow | FreeBSD | 7.5 (AI) | High (AI) | 2026-04-30 |
| CVE-2026-5409 | Wireshark uncontrolled recursion vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-5408 | Wireshark uncontrolled recursion vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-5406 | Wireshark uncontrolled recursion vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-5299 | Wireshark uncontrolled recursion vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-5401 | Wireshark uncontrolled recursion vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-6527 | Wireshark uncontrolled recursion vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-41636 | Apache Thrift security vulnerability | Apache Thrift | 7.5 (AI) | High (AI) | 2026-04-28 |
| CVE-2026-41606 | Apache Thrift security vulnerability | Apache Thrift | 7.5 (AI) | High (AI) | 2026-04-28 |
| CVE-2018-25282 | Nmap security vulnerability | ZenMap | 6.2 | Medium | 2026-04-26 |
| CVE-2026-42039 | Axios security vulnerability | axios | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-6862 | Red Hat Enterprise Linux 10 security vulnerability | Red Hat Enterprise Linux 10 | 5.5 | Medium | 2026-04-22 |
| CVE-2026-40879 | nest security vulnerability | nest | 7.5 | High | 2026-04-21 |
| CVE-2026-40324 | Hot Chocolate security vulnerability | graphql-platform | 9.1 | Critical | 2026-04-17 |
| CVE-2026-33947 | jq security vulnerability | jq | 6.2 | Medium | 2026-04-13 |
| CVE-2026-33908 | ImageMagick security vulnerability | ImageMagick | 7.5 | High | 2026-04-13 |
| CVE-2026-33902 | ImageMagick security vulnerability | ImageMagick | 5.5 | Medium | 2026-04-13 |
| CVE-2026-39376 | FastFeedParser security vulnerability | fastfeedparser | 7.5 | High | 2026-04-07 |
| CVE-2026-34211 | SandboxJS security vulnerability | SandboxJS | 7.5 (AI) | High (AI) | 2026-04-06 |
| CVE-2026-3778 | Foxit PDF Reader and Foxit PDF Editor security vulnerability | Foxit PDF Editor | 6.2 | Medium | 2026-04-01 |
| CVE-2026-34536 | iccDEV security vulnerability | iccDEV | 6.2 | Medium | 2026-03-31 |
| CVE-2026-33532 | YAML security vulnerability | yaml | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4833 | discount security vulnerability | discount | 3.3 | Low | 2026-03-26 |
| CVE-2026-33508 | Parse Server security vulnerability | parse-server | 7.5 | - | 2026-03-24 |
| CVE-2026-33498 | Parse Server security vulnerability | parse-server | 7.5 | - | 2026-03-24 |
| CVE-2026-33320 | Dasel security vulnerability | dasel | 6.2 | Medium | 2026-03-24 |
| CVE-2026-26209 | cbor2 security vulnerability | cbor2 | 7.5 | - | 2026-03-23 |
| CVE-2026-32933 | AutoMapper security vulnerability | AutoMapper | 7.5 | High | 2026-03-20 |

Scores and risk levels marked "(AI)" are AI-estimated values as shown on the platform, not vendor or NVD scores.

CWE-674 (Uncontrolled Recursion) is a common weakness class; this platform has catalogued 146 CVE vulnerabilities associated with it.