CWE-1176
Inefficient CPU Computation
Incomplete
2019-01-03
00h00 +00:00
00h00 +00:00
2023-10-26
00h00 +00:00
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Name: Inefficient CPU Computation
The product performs CPU computations using
algorithms that are not as efficient as they could be for the
needs of the developer, i.e., the computations can be
optimized further.
CWE Description
This issue can make the product perform more slowly, possibly in ways that are noticeable to the users. If an attacker can influence the amount of computation that must be performed, e.g. by triggering worst-case complexity, then this performance problem might introduce a vulnerability.
General Informations
Modes Of Introduction
Architecture and DesignImplementation
Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Availability | DoS: Resource Consumption (CPU) | |
| Other | Reduce Performance |
Observed Examples
| References | Description |
|---|---|
CVE-2022-37734 | Chain: lexer in Java-based GraphQL server does not enforce maximum of tokens early enough (CWE-696), allowing excessive CPU consumption (CWE-1176) |
Vulnerability Mapping Notes
Justification : This CWE entry is a Class and might have Base-level children that would be more appropriateComment : Examine children of this entry to see if there is a better fit
References
REF-1008
Computational complexity theory)Wikipedia.
https://en.wikipedia.org/wiki/Computational_complexity_theory
Submission
| Name | Organization | Date | Date release | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 3.2 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Observed_Examples |
