Excessive Data Query Operations in a Large Data Table

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This weakness occurs when an application runs a database query that uses numerous joins and sub-queries on a very large table, leading to severe performance degradation.

Extended Description

Executing complex queries with multiple joins and nested sub-queries on massive tables can cripple database performance, causing slow response times and timeouts. While definitions of 'large' vary, common benchmarks consider tables with over 1 million rows as large, with queries involving 5 or more joins or 3+ sub-queries being particularly problematic. Attackers can exploit this performance bottleneck to launch denial-of-service attacks by repeatedly triggering these inefficient queries. To mitigate this, developers should optimize queries, implement pagination, add strategic indexing, and consider caching or archiving old data to keep operational tables lean.
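A minimal static check for this weakness, added here as an illustration (it is not part of this entry or of the ASCPEM specification): it flags a query that touches a table above the row-count benchmark and also meets the join or sub-query benchmark quoted above. The function name `audit_query`, the table names, the row counts and the sample queries are constructed for the example.

```python
import re

# Benchmarks quoted in the description above
LARGE_TABLE_ROWS = 1_000_000   # "over 1 million rows"
MIN_JOINS = 5                  # "5 or more joins"
MIN_SUBQUERIES = 3             # "3+ sub-queries"

# String literals and comments are blanked so keywords inside them are not counted
_NOISE = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)
_TABLE = re.compile(r"\b(?:FROM|JOIN)\s+([A-Za-z_][\w.]*)", re.I)

def audit_query(sql, row_counts):
    """Return a finding dict if sql is an excessive query on a large table, else None.
    row_counts maps lower-case table names to approximate row counts."""
    text = _NOISE.sub(" ", sql)
    joins = len(re.findall(r"\bJOIN\b", text, re.I))
    # Every SELECT after the first counts as a sub-query (UNION arms included,
    # so this over-approximates); comma-style joins are not detected.
    subqueries = max(len(re.findall(r"\bSELECT\b", text, re.I)) - 1, 0)
    large = sorted({t.lower() for t in _TABLE.findall(text)
                    if row_counts.get(t.lower(), 0) > LARGE_TABLE_ROWS})
    if large and (joins >= MIN_JOINS or subqueries >= MIN_SUBQUERIES):
        return {"large_tables": large, "joins": joins, "subqueries": subqueries}
    return None

# Constructed sample data: row counts and three queries
ROW_COUNTS = {"orders": 48_000_000, "customers": 900_000, "products": 20_000}
HEAVY = """SELECT c.name, p.title FROM orders o
JOIN customers c ON c.id = o.customer_id
JOIN order_items i ON i.order_id = o.id
JOIN products p ON p.id = i.product_id
JOIN suppliers s ON s.id = p.supplier_id
LEFT JOIN regions r ON r.id = c.region_id
WHERE o.note = 'JOIN us -- not a comment'"""
NESTED = """SELECT id FROM orders WHERE customer_id IN (
  SELECT id FROM customers WHERE region_id IN (
    SELECT id FROM regions WHERE manager_id IN (
      SELECT id FROM staff WHERE active = 1)))"""
PAGED = "SELECT id, total FROM orders WHERE id > 1000 ORDER BY id LIMIT 50"

if __name__ == "__main__":
    for name, query in (("HEAVY", HEAVY), ("NESTED", NESTED), ("PAGED", PAGED)):
        print(name, audit_query(query, ROW_COUNTS))
```

The `PAGED` query shows the paginated shape recommended above: one large table, no joins or sub-queries, and a bounded result set, so the check returns no finding.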

Common Consequences
Scope: Other

Impact: Reduce Performance

References
[REF-959] Object Management Group (OMG). "Automated Source Code Performance Efficiency Measure (ASCPEM)". 01-2016.
Taxonomy Mapping
  • OMG ASCPEM