VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood of Exploit: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 36 of 93
  • CVE-2022-45003 · High · Mar 22, 2023
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.

  • CVE-2023-0821 · Medium · Feb 16, 2023
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

  • CVE-2023-25578 · High · Feb 15, 2023
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited…

  • CVE-2023-25577 · High · Feb 14, 2023
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more…

  • CVE-2023-25576 · High · Feb 14, 2023
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    @fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body…

  • CVE-2023-22792 · High · Feb 9, 2023
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    A regular expression based DoS vulnerability in Action Dispatch < 6.0.6.1, < 6.1.7.1, and < 7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header, can cause the regular expression engine to enter a state of catastrophic backtracking.…

  • CVE-2022-44572 · High · Feb 9, 2023
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in…

  • CVE-2022-44571 · High · Feb 9, 2023
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rack to take an unexpected amount of…

  • CVE-2022-44570 · High · Feb 9, 2023
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any…

  • CVE-2022-44566 · High · Feb 9, 2023
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer…

  • CVE-2022-3064 · High · Dec 27, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory (gopkg.in/yaml.v2 before 2.2.4).

  • CVE-2020-36568 · High · Dec 27, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.

  • CVE-2019-25072 · High · Dec 27, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.

  • CVE-2022-4767 · High · Dec 27, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    Denial of Service in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2021-35065 · High · Dec 26, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

  • CVE-2022-40899 · High · Dec 23, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.

  • CVE-2022-3510 · High · Dec 12, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.00

    A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with…

  • CVE-2022-3509 · High · Dec 12, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or…

  • CVE-2022-23492 · High · Dec 8, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    go-libp2p is the official libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause…

  • CVE-2022-45199 · High · Nov 14, 2022
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
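Added example (not code from Starlite, Werkzeug, @fastify/multipart, Rack or any other project listed above): the unbounded-parts pattern those four entries share, next to a parser that checks each limit before doing the work it bounds. The request body is split on the boundary and every part found is processed, so in the vulnerable shape the attacker, not the server, decides how much CPU and memory one small request costs. The boundary, limit values, exception names and sample bodies below are all constructed for this example.

```python
from __future__ import annotations


class ResourceLimitExceeded(ValueError): ...      # "the request asked for more than we allow"
class TooManyParts(ResourceLimitExceeded): ...
class BodyTooLarge(ResourceLimitExceeded): ...
class PartTooLarge(ResourceLimitExceeded): ...
class MalformedBody(ValueError): ...


def build_body(n_parts: int, boundary: bytes) -> bytes:
    """Constructed sample body: n tiny form fields, roughly 55 bytes each."""
    out = bytearray()
    for i in range(n_parts):
        out += b"--" + boundary + b"\r\n"
        out += b'Content-Disposition: form-data; name="f' + str(i).encode() + b'"\r\n'
        out += b"\r\n"
        out += b"x\r\n"
    out += b"--" + boundary + b"--\r\n"
    return bytes(out)


def split_parts_unbounded(body: bytes, boundary: bytes) -> list[bytes]:
    """The vulnerable shape: split everything first, then look at what you got.

    Work done and memory held grow with the number of parts the attacker chose;
    nothing here says "no" before the whole body has been processed.
    """
    chunks = body.split(b"--" + boundary)
    # chunks[0] is the preamble before the first boundary; the chunk that starts
    # with "--" is what follows the closing boundary.
    return [c for c in chunks[1:] if not c.startswith(b"--")]


def _split_part(raw: bytes) -> tuple[dict[str, str], bytes]:
    """Split one part into lower-cased headers and its content."""
    head, sep, content = raw.partition(b"\r\n\r\n")
    if not sep:
        raise MalformedBody("part has no header/body separator")
    headers = {}
    for line in head.split(b"\r\n"):
        name, colon, value = line.partition(b":")
        if not colon:
            raise MalformedBody("bad part header line")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return headers, content


def parse_parts_bounded(
    body: bytes,
    boundary: bytes,
    max_parts: int = 64,
    max_body: int = 1 << 20,
    max_part_size: int = 256 << 10,
) -> list[tuple[dict[str, str], bytes]]:
    """Hardened shape: every limit is enforced before the work it bounds is done."""
    if len(body) > max_body:
        raise BodyTooLarge(f"body is {len(body)} bytes, limit {max_body}")
    # RFC 2046: the CRLF before each boundary belongs to the delimiter, not to the
    # preceding part. Prepending CRLF lets the first boundary match the same form.
    buf = b"\r\n" + body
    delim = b"\r\n--" + boundary
    parts: list[tuple[dict[str, str], bytes]] = []
    pos = buf.find(delim)
    if pos < 0:
        raise MalformedBody("no opening boundary")
    while True:
        pos += len(delim)
        if buf.startswith(b"--", pos):          # closing delimiter "--boundary--"
            return parts
        if not buf.startswith(b"\r\n", pos):
            raise MalformedBody("garbage after boundary")
        pos += 2
        if len(parts) >= max_parts:             # refuse before scanning any further
            raise TooManyParts(f"more than {max_parts} parts")
        # Bound the scan for the next delimiter to max_part_size bytes of content.
        nxt = buf.find(delim, pos, pos + max_part_size + len(delim))
        if nxt < 0:
            if len(buf) - pos > max_part_size:
                raise PartTooLarge(f"part {len(parts)} exceeds {max_part_size} bytes")
            raise MalformedBody("missing closing boundary")
        parts.append(_split_part(buf[pos:nxt]))
        pos = nxt


def rejection_reason(body: bytes, boundary: bytes, **limits) -> str | None:
    """Name of the limit the body violates, or None if it is accepted."""
    try:
        parse_parts_bounded(body, boundary, **limits)
    except ResourceLimitExceeded as exc:
        return type(exc).__name__
    return None


if __name__ == "__main__":
    flood = build_body(5000, b"bnd")            # ~280 KB that yields 5000 parts
    print(len(split_parts_unbounded(flood, b"bnd")), "parts from the unbounded split")
    print(rejection_reason(flood, b"bnd", max_parts=64))
```

The part-count check runs before the search for the next delimiter, and that search is itself capped at `max_part_size`, so the cost of a rejected request is bounded by the limits rather than by the body. Real parsers also need a cap on the number of header lines per part and on total form memory; those are the same idea applied to two more dimensions.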
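Added example, not code from Nomad (CVE-2023-0821) or the client library in CVE-2019-25072: bounding the inflation of attacker-supplied gzip data, the other CWE-400 shape on this page, where a few kilobytes of compressed input expand into far more output than the receiver budgeted for. It uses the standard `zlib.decompressobj().decompress(data, max_length)` interface, which returns at most `max_length` bytes and parks the unread input in `unconsumed_tail`, so expansion is observed one bounded slice at a time. The limit values and the constructed all-zero payload are assumptions.

```python
from __future__ import annotations

import gzip
import zlib


class DecompressionLimitExceeded(ValueError):
    def __init__(self, produced: int, limit: int):
        super().__init__(f"inflated output exceeds {limit} bytes (stopped after {produced})")
        self.produced = produced


def compress_sample(payload: bytes) -> bytes:
    """Constructed sample input: gzip-compress whatever the caller hands in."""
    return gzip.compress(payload)


def decompress_bounded(data: bytes, max_out: int) -> bytes:
    """Inflate a gzip stream, refusing as soon as the output would exceed max_out."""
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # gzip framing
    out = bytearray()
    pending = data
    while pending:
        # Ask for one byte more than we may still accept: if we get it, the stream
        # is over budget and we stop without inflating the rest.
        room = max_out - len(out) + 1
        out += inflater.decompress(pending, room)
        if len(out) > max_out:
            raise DecompressionLimitExceeded(len(out), max_out)
        pending = inflater.unconsumed_tail
    if not inflater.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)


def inflate_or_reject(data: bytes, max_out: int) -> tuple[bool, int]:
    """(accepted, bytes produced); on rejection the count is where inflation stopped."""
    try:
        return True, len(decompress_bounded(data, max_out))
    except DecompressionLimitExceeded as exc:
        return False, exc.produced


if __name__ == "__main__":
    bomb = compress_sample(b"\0" * (8 << 20))          # ~8 KB in, 8 MiB out
    print(len(bomb), "compressed bytes")
    print(inflate_or_reject(bomb, 1 << 20))            # (False, 1048577)
```

The same loop works for a streaming response body: feed each network chunk to `decompress_bounded`'s inflater instead of the whole buffer, keep the running total, and close the connection when the budget is exceeded. Capping the ratio of output to input in addition to the absolute size catches bombs earlier still when the legitimate payload size is unknown.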