Key Information from the Screenshot about CWE-674: Uncontrolled Recursion

Description
ID: CWE-674
Summary: The product does not properly control the amount of recursion that takes place, so resources such as CPU, memory, and stack can be consumed without bound, potentially causing the product to crash or exit.

Common Consequences
Impact: Denial of Service (DoS) through resource exhaustion and crashes.
Details: Resources such as CPU, memory, and stack can be consumed very quickly, leading to crashes.

Potential Mitigations
1. Ensure an end condition:
   - Phase: Implementation
   - Mitigation: Ensure an end condition will be reached under all logic conditions. Test against recursion depth and exit with an error if recursion goes too deep.
   - Effectiveness: Moderate
2. Increase the stack size:
   - Phase: Implementation
   - Mitigation: Increase the stack size.
   - Effectiveness: Limited
   - Note: Increasing the stack size might only be a temporary measure, since a larger stack can still be exhausted by deeper input.

Demonstrative Examples
Bad Example:
Good Example:

Selected Observed Examples (CVEs)
CVE-2007-1285: Deeply nested arrays trigger stack exhaustion.
CVE-2019-15118: The USB-audio driver's descriptor-parsing code allows unlimited recursion, leading to stack exhaustion.

Detection Methods
Automated Static Analysis: Static application security testing (SAST) is effective at identifying uncontrolled recursion.

Related Attack Patterns
CAPEC-230: Serialized Data with Nested Payloads
CAPEC-231: Oversized Serialized Data Payloads
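The first mitigation ("test against recursion depth and exit with an error") applied to the kind of input behind CVE-2007-1285, as an added example that is not code from the CWE entry: a small recursive-descent parser for nested integer arrays that refuses any payload nested deeper than an explicit limit. The parser, its grammar and the value of MAX_DEPTH are assumptions made for this illustration.

```python
# Added example, not from the CWE page: a recursive-descent parser for nested
# integer arrays (e.g. "[[1,2],[3]]") applying the CWE-674 mitigation of
# testing recursion depth and failing with an error. MAX_DEPTH is assumed.
MAX_DEPTH = 64

class NestingTooDeep(ValueError):
    """Raised when the input nests deeper than the configured limit."""

def parse_array(text, max_depth=MAX_DEPTH):
    """Parse nested integer arrays into lists; every '[' recurses one level,
    and the depth check is the end condition that bounds the recursion."""
    pos = 0

    def parse_value(depth):
        nonlocal pos
        if pos < len(text) and text[pos] == "[":
            if depth >= max_depth:
                # Fail closed before the stack is exhausted by a deep payload.
                raise NestingTooDeep(f"nesting exceeds {max_depth} levels")
            pos += 1
            items = []
            while pos < len(text) and text[pos] != "]":
                items.append(parse_value(depth + 1))
                if pos < len(text) and text[pos] == ",":
                    pos += 1
            if pos >= len(text):
                raise ValueError("unterminated array")
            pos += 1  # consume ']'
            return items
        start = pos
        while pos < len(text) and text[pos].isdigit():
            pos += 1
        if start == pos:
            raise ValueError(f"unexpected input at offset {pos}")
        return int(text[start:pos])

    result = parse_value(0)
    if pos != len(text):
        raise ValueError("trailing data after array")
    return result

def rejects_deep_payload(levels, max_depth=MAX_DEPTH):
    """True if a payload nested `levels` deep is refused by the depth check."""
    try:
        parse_array("[" * levels + "1" + "]" * levels, max_depth)
    except NestingTooDeep:
        return True
    return False
```

Without the depth check the same parser would recurse once per opening bracket, so the cost of a crash is bounded only by how many brackets the sender chooses to include; with it, rejection happens at a fixed, testable depth.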