VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

  • CVE-2018-0233 · High · Apr 19, 2018
    risk 0.56 · cvss 8.6 · epss 0.02

    A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device,…

  • CVE-2018-0230 · High · Apr 19, 2018
    risk 0.56 · cvss 8.6 · epss 0.02

    A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting…

  • CVE-2018-0086 · High · Jan 18, 2018
    risk 0.56 · cvss 8.6 · epss 0.02

    A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on…

  • CVE-2017-12293 · High · Oct 19, 2017
    risk 0.56 · cvss 8.6 · epss 0.02

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker…

  • CVE-2017-9627 · High · Jul 7, 2017
    risk 0.56 · cvss 8.6 · epss 0.04

    An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a…

  • CVE-2016-6171 · High · Feb 9, 2017
    risk 0.56 · cvss 8.6 · epss 0.03

    Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.

  • CVE-2015-1779 · High · Jan 12, 2016
    risk 0.56 · cvss 8.6 · epss 0.07

    The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

  • CVE-2006-1364 · High · Mar 23, 2006
    risk 0.56 · cvss 7.5 · epss 0.59

    Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several…

  • CVE-2017-6019 · High · Apr 7, 2017
    risk 0.55 · cvss 7.5 · epss 0.37

    An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.

  • CVE-2025-41361 · High · Jun 6, 2025
    risk 0.54 · cvss · epss 0.00

    Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of…

  • CVE-2017-5972 · High · Feb 14, 2017
    risk 0.54 · cvss 7.5 · epss 0.24

    The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an…

  • CVE-2026-37234 · High · Jun 1, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequent xapp_ids and their subscriptions remain as stale entries. A remote attacker…

  • CVE-2026-35277 · High · May 28, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of…

  • CVE-2026-22541 · High · Jan 7, 2026
    risk 0.53 · cvss · epss 0.00

    The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.

  • CVE-2025-10932 · High · Oct 29, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16.

  • CVE-2018-17281 · High · Sep 24, 2018
    risk 0.53 · cvss 7.5 · epss 0.53

    There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to…

  • CVE-2018-10070 · High · Apr 16, 2018
    risk 0.53 · cvss 7.5 · epss 0.13

    A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP…

  • CVE-2017-7397 · High · Apr 3, 2017
    risk 0.53 · cvss 7.5 · epss 0.11

    BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor…

  • CVE-2017-7285 · High · Mar 29, 2017
    risk 0.53 · cvss 7.5 · epss 0.19

    A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.

  • CVE-2017-6444 · High · Mar 12, 2017
    risk 0.53 · cvss 7.5 · epss 0.13

    The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit,…