CWE-674 · Uncontrolled Recursion

445 CVEs classified under CWE-674 (Uncontrolled Recursion). Browse by severity and year.

Top CVEs for CWE-674
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-43185 | Critical | 9.8 | 2026-05-06 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negoti… |
| CVE-2023-51803 | Critical | 9.8 | 2024-04-01 | LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "<?php ?>" substring. |
| CVE-2021-41752 | Critical | 9.8 | 2022-04-05 | Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the ne… |
| CVE-2018-1000618 | Critical | 9.8 | 2018-07-09 | EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack… |
| CVE-2026-40324 | Critical | 9.1 | 2026-04-18 | Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLP… |
| CVE-2024-37973 | High | 8.8 | 2024-07-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2019-9545 | High | 8.8 | 2019-03-01 | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a… |
| CVE-2019-9543 | High | 8.8 | 2019-03-01 | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sendin… |
| CVE-2019-9144 | High | 8.8 | 2019-02-25 | An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted f… |
| CVE-2019-9143 | High | 8.8 | 2019-02-25 | An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafte… |
| CVE-2025-5302 | High | 8.6 | 2025-08-25 | A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerabili… |
| CVE-2024-20311 | High | 8.6 | 2024-03-27 | A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote att… |
| CVE-2024-25111 | High | 8.6 | 2024-03-06 | Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked dec… |
| CVE-2023-50269 | High | 8.6 | 2023-12-14 | Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 th… |
| CVE-2019-10761 | High | 8.3 | 2022-07-13 | This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the… |
| CVE-2022-41966 | High | 8.2 | 2022-12-28 | XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow… |
| CVE-2019-1003011 | High | 8.1 | 2019-02-06 | An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenma… |
| CVE-2026-23066 | High | 7.8 | 2026-02-04 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() fails because MSG_DONTWAIT… |
| CVE-2025-38459 | High | 7.8 | 2025-07-25 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [… |
| CVE-2025-1492 | High | 7.8 | 2025-02-20 | Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file |