CWE-407: Inefficient Algorithmic Complexity
Description
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.
Submission Date :
July 19, 2006, midnight
Modification Date :
2023-06-29 00:00:00+00:00
Organization :
MITRE
Example - 1
This example attempts to check if an input string is a "sentence" [REF-1164]. Note that [REF-1164] has a more thorough (and lengthy) explanation of everything going on within the RegEx.
var test_string = "Bad characters: $@#";var bad_pattern = /^(\w+\s?)*$/i;var result = test_string.search(bad_pattern);
var test_string = "Bad characters: $@#";var good_pattern = /^((?=(\w+))\2\s?)*$/i;var result = test_string.search(good_pattern);
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.