The product performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further.
View on MITREThis issue can make the product perform more slowly, possibly in ways that are noticeable to the users. If an attacker can influence the amount of computation that must be performed, e.g. by triggering worst-case complexity, then this performance problem might introduce a vulnerability.
No mitigation information available for this CWE.
No detection method information available for this CWE.
Chain: lexer in Java-based GraphQL server does not enforce maximum of tokens early enough (CWE-696), allowing excessive CPU consumption (CWE-1176)
View DetailsNo relationship information available for this CWE.
CWE-1176: Inefficient CPU Computation is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further. This issue can make the product perform more slowly, possibly in ways that are noticeable to the users. If an attacker can influence the amount of computation that must be performed, e.g. by triggering worst-case complexity, then this performance problem might introduce a vulnerability.
If exploited, CWE-1176 (Inefficient CPU Computation) it can compromise Availability and Other, leading to outcomes such as DoS: Resource Consumption (CPU) and Reduce Performance.
MITRE documents real CVEs mapped to CWE-1176, including CVE-2022-37734. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-1176 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.