CWE-1176
Allowed-with-ReviewInefficient CPU Computation
Abstraction: Class · Status: Incomplete
The product performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further.
3 vulnerabilities reference this CWE, most recent first.
CVE-2024-23323 (GCVE-0-2024-23323)
Vulnerability from cvelistv5 – Published: 2024-02-09 22:50 – Updated: 2024-08-01 22:59| URL | Tags |
|---|---|
| https://github.com/envoyproxy/envoy/security/advi… | x_refsource_CONFIRM |
| https://github.com/envoyproxy/envoy/commit/71eeee… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy |
Affected:
>= 1.29.0, < 1.29.1
Affected: >= 1.28.0, < 1.28.1 Affected: >= 1.27.0, < 1.27.3 Affected: < 1.26.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T16:42:03.639531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:51.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.1"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c 1.28.1"
},
{
"status": "affected",
"version": "\u003e= 1.27.0, \u003c 1.27.3"
},
{
"status": "affected",
"version": "\u003c 1.26.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1176",
"description": "CWE-1176: Inefficient CPU Computation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T22:50:18.938Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645"
}
],
"source": {
"advisory": "GHSA-x278-4w4x-r7ch",
"discovery": "UNKNOWN"
},
"title": "Excessive CPU usage when URI template matcher is configured using regex in Envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23323",
"datePublished": "2024-02-09T22:50:18.938Z",
"dateReserved": "2024-01-15T15:19:19.439Z",
"dateUpdated": "2024-08-01T22:59:32.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-92VJ-HP7M-GWCJ
Vulnerability from github – Published: 2026-05-29 20:02 – Updated: 2026-05-29 20:02Impact
Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a O(n²) algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add method is implemented as an O(n) algorithm.
Patches
Update to a patched version.
If a project's ExpandoObject data requires more than 128 properties, the default limit should be changed:
this.Serializer = this.Serializer with
{
StartingContext = this.Serializer.StartingContext with
{
Security = this.Serializer.StartingContext.Security with
{
ExpandoObjectMaxPropertyCount = 256, // Set this to whatever limit is required by your application
},
},
};
Workarounds
Avoid the non-default WithExpandoObjectConverter extension method when deserializing untrusted data.
If deserializing untrusted data into an ExpandoObject is required, developers should write a custom converter for their project that limits the number of properties allowed before initializing the object.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Nerdbank.MessagePack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1176"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-29T20:02:59Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nApplications that call `OptionalConverters.WithExpandoObjectConverter` and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a `O(n\u00b2)` algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an `ExpandoObject`, whose `Add` method is implemented as an `O(n)` algorithm.\n\n### Patches\n\nUpdate to a patched version.\n\nIf a project\u0027s `ExpandoObject` data requires more than 128 properties, the default limit should be changed:\n\n```cs\nthis.Serializer = this.Serializer with\n{\n\tStartingContext = this.Serializer.StartingContext with\n\t{\n\t\tSecurity = this.Serializer.StartingContext.Security with\n\t\t{\n\t\t\tExpandoObjectMaxPropertyCount = 256, // Set this to whatever limit is required by your application\n\t\t},\n\t},\n};\n```\n\n### Workarounds\n\nAvoid the non-default `WithExpandoObjectConverter` extension method when deserializing untrusted data.\nIf deserializing untrusted data into an `ExpandoObject` is required, developers should write a custom converter for their project that limits the number of properties allowed before initializing the object.",
"id": "GHSA-92vj-hp7m-gwcj",
"modified": "2026-05-29T20:02:59Z",
"published": "2026-05-29T20:02:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/AArnott/Nerdbank.MessagePack/security/advisories/GHSA-92vj-hp7m-gwcj"
},
{
"type": "WEB",
"url": "https://github.com/AArnott/Nerdbank.MessagePack/commit/c5a239e4f20c38548de44c4dd2a782efd5e2547c"
},
{
"type": "PACKAGE",
"url": "https://github.com/AArnott/Nerdbank.MessagePack"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Nerdbank.MessagePack has Inefficient CPU Computation"
}
GHSA-H36M-9QJR-PV93
Vulnerability from github – Published: 2025-09-25 15:30 – Updated: 2025-09-25 21:30PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.
{
"affected": [],
"aliases": [
"CVE-2025-46153"
],
"database_specific": {
"cwe_ids": [
"CWE-1176"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-25T15:16:12Z",
"severity": "MODERATE"
},
"details": "PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.",
"id": "GHSA-h36m-9qjr-pv93",
"modified": "2025-09-25T21:30:25Z",
"published": "2025-09-25T15:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46153"
},
{
"type": "WEB",
"url": "https://github.com/pytorch/pytorch/issues/142853"
},
{
"type": "WEB",
"url": "https://github.com/pytorch/pytorch/pull/143460"
},
{
"type": "WEB",
"url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a"
},
{
"type": "WEB",
"url": "https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a"
},
{
"type": "WEB",
"url": "https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.