VYPR

CWE-400

Uncontrolled Resource Consumption

ClassDraftLikelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 1 of 93
  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2026-46775CriMay 28, 2026
    risk 0.64cvss 9.9epss 0.00

    Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability…

  • CVE-2025-61303CriOct 20, 2025
    risk 0.64cvss 9.8epss 0.00

    Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is…

  • CVE-2025-43193CriJul 30, 2025
    risk 0.64cvss 9.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause a denial-of-service.

  • CVE-2025-24264CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  • CVE-2025-24260CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker in a privileged position may be able to perform a denial-of-service.

  • CVE-2025-24247CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.01

    A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker may be able to cause unexpected app termination.

  • CVE-2025-24211CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.02

    This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app…

  • CVE-2025-24190CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.02

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video file may lead to…

  • CVE-2024-36543CriJun 17, 2024
    risk 0.64cvss 9.8epss 0.01

    Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists),…

  • CVE-2017-1000378CriJun 19, 2017
    risk 0.64cvss 9.8epss 0.04

    The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack…

  • CVE-2017-9119CriMay 21, 2017
    risk 0.64cvss 9.8epss 0.04

    The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.

  • CVE-2026-28318HigKEVJun 4, 2026
    risk 0.61cvss 7.5epss 0.11

    SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the…

  • CVE-2026-22542CriJan 7, 2026
    risk 0.60cvss epss 0.00

    An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.

  • CVE-2026-22540CriJan 7, 2026
    risk 0.60cvss epss 0.00

    The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.

  • CVE-2025-64388CriOct 31, 2025
    risk 0.60cvss epss 0.00

    Denial of service of the web server through specific requests to this protocol

  • CVE-2017-15595HigOct 18, 2017
    risk 0.60cvss 8.8epss 0.02

    An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.

  • CVE-2025-58349CriApr 6, 2026
    risk 0.59cvss 9.1epss 0.00

    An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of LTE MAC packets…

  • CVE-2024-45163CriAug 22, 2024
    risk 0.59cvss 9.1epss 0.01

    The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary…

  • CVE-2018-3767CriJul 5, 2018
    risk 0.59cvss 9.1epss 0.01

    `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.