CWE-1176 Detail

CWE-1176

Inefficient CPU Computation
Incomplete
2019-01-03
00h00 +00:00
2023-10-26
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Notifications manage

Name: Inefficient CPU Computation

The product performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further.

CWE Description

This issue can make the product perform more slowly, possibly in ways that are noticeable to the users. If an attacker can influence the amount of computation that must be performed, e.g. by triggering worst-case complexity, then this performance problem might introduce a vulnerability.

General Informations

Modes Of Introduction

Architecture and Design
Implementation

Common Consequences

Scope Impact Likelihood
AvailabilityDoS: Resource Consumption (CPU)
OtherReduce Performance

Observed Examples

References Description

CVE-2022-37734

Chain: lexer in Java-based GraphQL server does not enforce maximum of tokens early enough (CWE-696), allowing excessive CPU consumption (CWE-1176)

Vulnerability Mapping Notes

Justification : This CWE entry is a Class and might have Base-level children that would be more appropriate
Comment : Examine children of this entry to see if there is a better fit

References

REF-1008

Computational complexity theory)
Wikipedia.
https://en.wikipedia.org/wiki/Computational_complexity_theory

Submission

Name Organization Date Date release Version
CWE Content Team MITRE 2019-01-03 +00:00 2019-01-03 +00:00 3.2

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-10-26 +00:00 updated Observed_Examples