CWE-400
Uncontrolled Resource Consumption
Class · Draft · Likelihood: High
Description
The product does not properly control the allocation and maintenance of a limited resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-147 · CAPEC-227 · CAPEC-492
CVEs mapped to this weakness (669)
Page 23 of 34

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-44160 | Med | 0.36 | 5.5 | 0.00 | Sep 17, 2024 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Processing a maliciously crafted texture may lead to unexpected app termination. | |
| CVE-2024-44154 | Med | 0.36 | 5.5 | 0.00 | Sep 17, 2024 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted file may lead to unexpected app termination. | |
| CVE-2024-40841 | Med | 0.36 | 5.5 | 0.00 | Sep 17, 2024 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination. | |
| CVE-2023-31889 | Med | 0.36 | 5.5 | 0.00 | Apr 29, 2024 | An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request. | |
| CVE-2017-2734 | Med | 0.36 | 5.5 | 0.00 | Nov 22, 2017 | P9 Plus smartphones with software versions earlier than VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smartphone, and the application can send a given parameter to a specific interface, which causes a large number of memory allocations, and the smartphone will crash due to memory exhaustion. | |
| CVE-2017-2690 | Med | 0.36 | 5.5 | 0.00 | Nov 22, 2017 | SoftCo with software V200R003C20, eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30, eSpace U1911 with software V200R003C20, V200R003C30, eSpace U1930 with software V200R003C20 and V200R003C30, eSpace U1960 with software V200R003C20, V200R003C30, eSpace U1980 with software V200R003C20, V200R003C30, eSpace U1981 with software V200R003C20 and V200R003C30 have a denial of service (DoS) vulnerability, which allows an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition. | |
| CVE-2017-15298 | Med | 0.36 | 5.5 | 0.00 | Oct 14, 2017 | Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. | |
| CVE-2017-10613 | Med | 0.36 | 5.5 | 0.00 | Oct 13, 2017 | A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48-D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue. | |
| CVE-2017-14988 | Med | 0.36 | 5.5 | 0.00 | Oct 3, 2017 | Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid | |
| CVE-2017-14108 | Med | 0.36 | 5.5 | 0.01 | Sep 5, 2017 | libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. | |
| CVE-2017-11140 | Med | 0.36 | 5.5 | 0.01 | Jul 10, 2017 | The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. | |
| CVE-2017-0690 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2017 | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202. | |
| CVE-2017-10800 | Med | 0.36 | 5.5 | 0.00 | Jul 3, 2017 | When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. | |
| CVE-2017-10799 | Med | 0.36 | 5.5 | 0.00 | Jul 3, 2017 | When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). | |
| CVE-2017-2322 | Med | 0.36 | 5.5 | 0.00 | Apr 24, 2017 | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services. | |
| CVE-2017-2327 | Med | 0.36 | 5.5 | 0.00 | Apr 24, 2017 | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services. | |
| CVE-2017-7940 | Med | 0.36 | 5.5 | 0.00 | Apr 18, 2017 | The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | |
| CVE-2016-10058 | Med | 0.36 | 5.5 | 0.01 | Mar 23, 2017 | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. | |
| CVE-2016-10047 | Med | 0.36 | 5.5 | 0.01 | Mar 23, 2017 | Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | |
| CVE-2016-8367 | Med | 0.36 | 5.3 | 0.14 | Feb 13, 2017 | An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack. |