
CWE-674 Uncontrolled Recursion: vulnerability list (169 entries)

Summary of the 169 CVE vulnerabilities associated with the CWE-674 Uncontrolled Recursion weakness class, with AI-generated analysis in Chinese.

CWE-674 belongs to the improper resource management class of weaknesses. It describes a program that does not effectively bound its recursion depth, so that memory or stack space is consumed without limit. An attacker typically supplies deeply nested input or crafted requests that trigger unbounded or excessively deep recursive calls, exhausting system resources and causing a denial of service. Developers should give every recursive routine an explicit termination condition or a maximum depth threshold, and should replace deep recursion with iterative logic where possible, so that resource usage stays bounded and predictable.

Official MITRE CWE description
CWE: CWE-674 Uncontrolled Recursion. Original (English): The product does not properly control the amount of recursion that takes place, consuming excessive resources such as allocated memory or the program stack.
Common consequences (2)
Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash.
Confidentiality: Read Application Data
In some cases, an application's interpreter might kill a process or thread that appears to be consuming too many resources, such as with PHP's memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application's insta…
Mitigations (2)
Implementation: Ensure that an end condition will be reached under all logic conditions. The end condition may include checking against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.
Effectiveness: Moderate
Implementation: Increase the stack size.
Effectiveness: Limited
Code examples (1)
In this example the code contains a mistake: the exit condition that depends on flg is never reached, because flg is never modified. The function therefore calls itself over and over again until the stack is exhausted.

Bad · C

```c
void do_something_recursive (int flg)
{
    /* ... Do some real work here, but the value of flg is unmodified */
    if (flg) {
        /* flg is never modified so it is always TRUE - this call will
           continue until the stack explodes */
        do_something_recursive (flg);
    }
}

int flag = 1; /* Set to TRUE */
do_something_recursive (flag);
```

Good · C

```c
void do_something_recursive (int flg)
{
    /* ... Do some real work here */
    /* Modify value of flg on done condition */
    if (flg) {
        do_something_recursive (flg);    /* returns when flg changes to 0 */
    }
}

int flag = 1; /* Set to TRUE */
do_something_recursive (flag);
```
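The description above recommends two defences against CWE-674: an explicit maximum-depth threshold as the recursion's end condition, and replacing deep recursion with iteration. The following is an added example written for this page, not code from MITRE or from any of the listed projects. It parses a constructed toy grammar of nested brackets such as "[[][]]" in two ways: a recursive-descent parser whose depth parameter is checked against an assumed limit MAX_DEPTH (64 here, chosen for illustration) before each deeper call, and an iterative parser that tracks nesting with a counter so attacker-controlled nesting never touches the call stack at all. The function names, the enum values and the limit are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed maximum nesting depth accepted by both parsers (example value). */
#define MAX_DEPTH 64

enum parse_result { PARSE_OK = 0, PARSE_TOO_DEEP = 1, PARSE_MALFORMED = 2 };

/* Recursive descent over nested brackets. Each '[' recurses one level deeper.
 * The depth parameter is the explicit end condition CWE-674 asks for: once it
 * exceeds MAX_DEPTH we stop with an error instead of consuming more stack. */
static enum parse_result parse_group(const char **p, int depth, int *max_seen)
{
    if (depth > MAX_DEPTH)
        return PARSE_TOO_DEEP;
    if (depth > *max_seen)
        *max_seen = depth;
    for (;;) {
        char c = **p;
        if (c == '[') {
            (*p)++;
            enum parse_result r = parse_group(p, depth + 1, max_seen);
            if (r != PARSE_OK)
                return r;
            if (**p != ']')
                return PARSE_MALFORMED;   /* unterminated group */
            (*p)++;
        } else if (c == ']' || c == '\0') {
            return PARSE_OK;              /* caller verifies the closing bracket */
        } else {
            return PARSE_MALFORMED;       /* character outside the grammar */
        }
    }
}

/* Parses s recursively; reports the deepest nesting reached in *max_depth. */
enum parse_result parse_recursive(const char *s, int *max_depth)
{
    const char *p = s;
    *max_depth = 0;
    enum parse_result r = parse_group(&p, 0, max_depth);
    if (r != PARSE_OK)
        return r;
    return *p == '\0' ? PARSE_OK : PARSE_MALFORMED;   /* stray ']' at top level */
}

/* Iterative equivalent: nesting depth is a counter, not a chain of stack
 * frames, so hostile input cannot exhaust the stack. The same MAX_DEPTH bound
 * is still enforced so that downstream memory and CPU use stay predictable. */
enum parse_result parse_iterative(const char *s, int *max_depth)
{
    int depth = 0;
    *max_depth = 0;
    for (const char *p = s; *p; p++) {
        if (*p == '[') {
            if (++depth > MAX_DEPTH)
                return PARSE_TOO_DEEP;
            if (depth > *max_depth)
                *max_depth = depth;
        } else if (*p == ']') {
            if (depth == 0)
                return PARSE_MALFORMED;
            depth--;
        } else {
            return PARSE_MALFORMED;
        }
    }
    return depth == 0 ? PARSE_OK : PARSE_MALFORMED;
}

/* Builds a constructed test input of n '[' followed by n ']'; returns its length
 * or -1 if the buffer is too small. */
int make_nested(char *buf, size_t cap, int n)
{
    if (n < 0 || (size_t)(2 * n + 1) > cap)
        return -1;
    memset(buf, '[', (size_t)n);
    memset(buf + n, ']', (size_t)n);
    buf[2 * n] = '\0';
    return 2 * n;
}

int main(void)
{
    char buf[1024];
    int seen;
    make_nested(buf, sizeof buf, 10);
    enum parse_result r1 = parse_recursive(buf, &seen);
    enum parse_result r2 = parse_iterative(buf, &seen);
    printf("depth 10: recursive=%d iterative=%d (max depth %d)\n", r1, r2, seen);
    make_nested(buf, sizeof buf, MAX_DEPTH + 1);
    r1 = parse_recursive(buf, &seen);
    r2 = parse_iterative(buf, &seen);
    printf("depth %d: recursive=%d iterative=%d\n", MAX_DEPTH + 1, r1, r2);
    return 0;
}
```

The recursive parser still spends one stack frame per nesting level, so MAX_DEPTH has to be chosen with the platform's stack size and the frame size of parse_group in mind; the iterative parser removes that dependency entirely, which is why the page's advice prefers iteration for deeply nestable formats. Both return PARSE_TOO_DEEP as a clean error rather than crashing, which is also the condition a service should log and count when it is probing for this kind of abuse.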
| CVE ID | Title | Affected product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-8936 | grpcfuse kernel module infinite recursion causes Docker Desktop VM crash vulnerability | Docker Desktop | - | - | 2026-06-02 |
| CVE-2026-40989 | Self Routing function composition bypass vulnerability | Spring Cloud Function | 5.7 | Medium | 2026-06-01 |
| CVE-2026-44740 | go-billy symbolic link resolution vulnerability may lead to an infinite loop and resource exhaustion | go-billy | 6.5 | Medium | 2026-06-01 |
| CVE-2026-42328 | go-ipld-prime security vulnerability | go-ipld-prime | 6.2 | Medium | 2026-05-27 |
| CVE-2026-6936 | IBM i security vulnerability | i | 6.5 | Medium | 2026-05-27 |
| CVE-2026-44844 | eml_parser security vulnerability | eml_parser | - | - | 2026-05-26 |
| CVE-2026-7453 | Autodesk 3ds Max security vulnerability | 3ds Max | 5.3 | Medium | 2026-05-26 |
| CVE-2026-9358 | PostCSS security vulnerability | postcss | 4.3 | Medium | 2026-05-24 |
| CVE-2026-47317 | SAMSUNG Escargot security vulnerability | Escargot | 5.5 | Medium | 2026-05-19 |
| CVE-2026-47309 | SAMSUNG Escargot security vulnerability | Escargot | 5.5 | Medium | 2026-05-19 |
| CVE-2026-6811 | MongoDB PHP Driver security vulnerability | PHP Driver | 5.9 | Medium | 2026-05-14 |
| CVE-2026-41935 | Vvveb security vulnerability | Vvveb | 7.1 | High | 2026-05-14 |
| CVE-2026-6479 | PostgreSQL security vulnerability | PostgreSQL | 7.5 | High | 2026-05-14 |
| CVE-2026-45205 | Apache Commons security vulnerability | Apache Commons Configuration | - | - | 2026-05-14 |
| CVE-2026-45740 | protobuf.js security vulnerability | protobuf.js | 5.3 | Medium | 2026-05-13 |
| CVE-2026-44289 | protobuf.js security vulnerability | protobuf.js | 7.5 | High | 2026-05-13 |
| CVE-2026-42445 | NanaZip security vulnerability | NanaZip | 3.3 | Low | 2026-05-12 |
| CVE-2026-42355 | NanaZip security vulnerability | NanaZip | 3.3 | Low | 2026-05-12 |
| CVE-2026-1681 | Zephyr security vulnerability | Zephyr | 6.1 | Medium | 2026-05-12 |
| CVE-2026-43896 | jq security vulnerability | jq | 6.2 | Medium | 2026-05-11 |
| CVE-2026-44777 | jq security vulnerability | jq | - | - | 2026-05-11 |
| CVE-2026-40612 | jq security vulnerability | jq | - | - | 2026-05-11 |
| CVE-2026-41311 | liquidjs security vulnerability | liquidjs | 7.5 | High | 2026-05-09 |
| CVE-2026-41673 | XMLDOM security vulnerability | xmldom | 7.5 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-44028 | Nix and lix security vulnerability | Nix | 7.5 | High | 2026-05-05 |
| CVE-2026-7164 | FreeBSD security vulnerability | FreeBSD | 7.5 | - | 2026-04-30 |
| CVE-2026-5409 | Wireshark security vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-5408 | Wireshark security vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-5406 | Wireshark security vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-5299 | Wireshark security vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |

Entries marked "(AI)" carry a CVSS score and risk level estimated by the platform's AI analysis rather than an official assessment; "-" means no score or rating has been assigned yet.

CWE-674 (Uncontrolled Recursion) is a common weakness class; this platform has collected 169 CVE vulnerabilities associated with it.