CWE-400

Uncontrolled Resource Consumption

ClassDraftLikelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Parents

CWE-664

Children

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (669)

page 10 of 34

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-21823	Hig	0.49	7.5	0.00	May 16, 2024	Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access
CVE-2022-32508	Hig	0.49	7.5	0.00	May 14, 2024	An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.
CVE-2024-4438	Hig	0.49	7.5	0.00	May 8, 2024	The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
CVE-2024-4437	Hig	0.49	7.5	0.00	May 8, 2024	The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
CVE-2024-4436	Hig	0.49	7.5	0.00	May 8, 2024	The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
CVE-2024-4599	Hig	0.49	7.5	0.01	May 7, 2024	Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.
CVE-2023-50685	Hig	0.49	7.5	0.04	May 2, 2024	An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter.
CVE-2024-25355	Hig	0.49	7.5	0.00	May 1, 2024	s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component.
CVE-2024-34045	Hig	0.49	7.5	0.00	Apr 30, 2024	The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment().
CVE-2024-32269	Hig	0.49	7.5	0.01	Apr 29, 2024	An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet.
CVE-2023-6596	Hig	0.49	7.5	0.00	Apr 25, 2024	An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers.
CVE-2024-26369	Hig	0.49	7.5	0.00	Mar 19, 2024	An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.
CVE-2024-0842	Hig	0.49	7.5	0.00	Feb 9, 2024	The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.
CVE-2017-17901	Hig	0.49	7.5	0.01	Dec 29, 2017	ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
CVE-2014-3651	Hig	0.49	7.5	0.01	Dec 29, 2017	JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
CVE-2017-12741	Hig	0.49	7.5	0.05	Dec 26, 2017	Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.
CVE-2017-17051	Hig	0.49	8.6	0.01	Dec 5, 2017	An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
CVE-2017-15701	Hig	0.49	7.5	0.02	Dec 1, 2017	In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.
CVE-2017-1000191	Hig	0.49	7.5	0.00	Nov 17, 2017	Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.
CVE-2017-14028	Hig	0.49	7.5	0.00	Nov 16, 2017	A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.