An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.
The typical consequence is CPU consumption, but memory consumption and consumption of other resources can also occur.
CVE-2021-32617C++ library for image metadata has "quadratic complexity" issue with unnecessarily repetitive parsing each time an invalid character is encountered
CVE-2020-10735Python has "quadratic complexity" issue when converting string to int with many digits in unexpected bases
CVE-2020-5243server allows ReDOS with crafted User-Agent strings, due to overlapping capture groups that cause excessive backtracking.
CVE-2014-1474Perl-based email address parser has "quadratic complexity" issue via a string that does not contain a valid address
CVE-2003-0244CPU consumption via inputs that cause many hash table collisions.