{"@ID": "1176", "@Name": "Inefficient CPU Computation", "@Abstraction": "Class", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The product performs CPU computations using\n         algorithms that are not as efficient as they could be for the\n         needs of the developer, i.e., the computations can be\n         optimized further.", "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "405", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": [{"Ordinality": "Indirect"}, {"Ordinality": "Primary"}]}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design"}, {"Phase": "Implementation"}]}, "Common_Consequences": {"Consequence": {"Scope": "Availability", "Impact": ["Reduce Performance", "DoS: Resource Consumption (CPU)"], "Note": "This issue can make the product perform more slowly, possibly in ways that are noticeable to the users.  If an attacker can influence the amount of computation that must be performed, e.g. by triggering worst-case complexity, then this performance problem might introduce a vulnerability."}}, "Observed_Examples": {"Observed_Example": {"Reference": "CVE-2022-37734", "Description": "Chain: lexer in Java-based GraphQL server does not enforce maximum of tokens early enough (CWE-696), allowing excessive CPU consumption (CWE-1176)", "Link": "https://www.cve.org/CVERecord?id=CVE-2022-37734"}}, "References": {"Reference": {"@External_Reference_ID": "REF-1008"}}, "Mapping_Notes": {"Usage": "Allowed-with-Review", "Rationale": "This CWE entry is a Class and might have Base-level children that would be more appropriate", "Comments": "Examine children of this entry to see if there is a better fit", "Reasons": {"Reason": {"@Type": "Abstraction"}}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2019-01-03", "Submission_Version": "3.2", "Submission_ReleaseDate": "2019-01-03"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Description"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-10-26", "Modification_Version": "4.13", "Modification_ReleaseDate": "2023-10-26", "Modification_Comment": "updated Observed_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Common_Consequences, Description"}]}}
