VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 34 of 93
  • CVE-2024-22189 · High · Apr 4, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame…

  • CVE-2023-5685 · High · Mar 22, 2024
    risk 0.42 · cvss 7.5 · epss 0.03

    A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

  • CVE-2023-49837 · Medium · Mar 21, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed. This issue affects Code Embed: from n/a through 2.3.6.

  • CVE-2024-1394 · High · Mar 21, 2024
    risk 0.42 · cvss 7.5 · epss 0.02

    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are…

  • CVE-2024-23259 · Medium · Mar 8, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.

  • CVE-2024-0842 · High · Feb 9, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to…

  • CVE-2024-24762 · High · Feb 5, 2024
    risk 0.42 · cvss 7.5 · epss 0.02

    `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the…

  • CVE-2024-0241 · High · Jan 4, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.

  • CVE-2023-50730 · High · Dec 22, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries…

  • CVE-2023-50249 · High · Dec 20, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on…

  • CVE-2023-6245 · High · Dec 8, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field…

  • CVE-2023-47633 · High · Dec 4, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been…

  • CVE-2023-49316 · High · Nov 27, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.

  • CVE-2023-47163 · High · Nov 13, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.

  • CVE-2023-41378 · High · Nov 6, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed…

  • CVE-2023-44271 · High · Nov 3, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw…

  • CVE-2023-43665 · High · Nov 3, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML…

  • CVE-2023-41164 · High · Nov 3, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

  • CVE-2023-40180 · High · Oct 16, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed…

  • CVE-2023-36435 · High · Oct 10, 2023
    risk 0.42 · cvss 7.5 · epss 0.05

    Microsoft QUIC Denial of Service Vulnerability