VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 39 of 93
  • CVE-2022-23596 · High · Feb 1, 2022
    risk 0.42 · cvss 7.5 · epss 0.02

    Junrar is an open source java RAR archive library. In affected versions a carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant…

  • CVE-2021-43859 · High · Feb 1, 2022
    risk 0.42 · cvss 7.5 · epss 0.08

    XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service…

  • CVE-2022-23837 · High · Jan 21, 2022
    risk 0.42 · cvss 7.5 · epss 0.05

    In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

  • CVE-2022-21680 · High · Jan 14, 2022
    risk 0.42 · cvss 7.5 · epss 0.03

    Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable…

  • CVE-2021-45115 · High · Jan 5, 2022
    risk 0.42 · cvss 7.5 · epss 0.02

    An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where…

  • CVE-2021-44716 · High · Jan 1, 2022
    risk 0.42 · cvss 7.5 · epss 0.04

    net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

  • CVE-2021-45711 · High · Dec 27, 2021
    risk 0.42 · cvss 7.5 · epss 0.01

    An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.

  • CVE-2021-23490 · High · Dec 24, 2021
    risk 0.42 · cvss 7.5 · epss 0.02

    The package parse-link-header before 2.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.

  • CVE-2021-43854 · High · Dec 23, 2021
    risk 0.42 · cvss 7.5 · epss 0.03

    NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The…

  • CVE-2020-35210 · Medium · Dec 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.

  • CVE-2021-42836 · High · Oct 22, 2021
    risk 0.42 · cvss 7.5 · epss 0.02

    GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

  • CVE-2021-41167 · High · Oct 20, 2021
    risk 0.42 · cvss 7.5 · epss 0.02

    modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions there is a bug affecting two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but,…

  • CVE-2021-37137 · High · Oct 19, 2021
    risk 0.42 · cvss 7.5 · epss 0.06

    The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be…

  • CVE-2021-37136 · High · Oct 19, 2021
    risk 0.42 · cvss 7.5 · epss 0.06

    The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack.

  • CVE-2021-3822 · High · Sep 27, 2021
    risk 0.42 · cvss 7.5 · epss 0.01

    jsoneditor is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-39229 · High · Sep 20, 2021
    risk 0.42 · cvss 7.5 · epss 0.02

    Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a…

  • CVE-2021-32838 · High · Sep 20, 2021
    risk 0.42 · cvss 7.5 · epss 0.02

    Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.

  • CVE-2021-32839 · High · Sep 20, 2021
    risk 0.42 · cvss 7.5 · epss 0.02

    sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability in sqlparse. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n'…

  • CVE-2021-3795 · High · Sep 15, 2021
    risk 0.42 · cvss 7.5 · epss 0.01

    semver-regex is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3794 · High · Sep 15, 2021
    risk 0.42 · cvss 7.5 · epss 0.01

    vuelidate is vulnerable to Inefficient Regular Expression Complexity