VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood of Exploit: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 42 of 93
  • CVE-2020-7791 · High · Dec 11, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.03

    This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.

  • CVE-2020-7793 · High · Dec 11, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.04

    The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

  • CVE-2020-27813 · High · Dec 2, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

  • CVE-2020-7754 · High · Oct 27, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.03

    This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.

  • CVE-2019-20922 · High · Sep 30, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.04

    Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

  • CVE-2020-7733 · High · Sep 16, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.04

    The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

  • CVE-2018-21258 · High · Jun 19, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.

  • CVE-2020-14040 · High · Jun 17, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM…

  • CVE-2020-12758 · High · Jun 11, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.

  • CVE-2020-7663 · High · Jun 2, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.04

    websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash…

  • CVE-2020-7662 · High · Jun 2, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.03

    websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash…

  • CVE-2020-7212 · High · Mar 6, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.03

    The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not…

  • CVE-2015-4411 · High · Feb 20, 2020
    risk 0.42 · CVSS 7.5 · EPSS 0.06

    The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

  • CVE-2014-5012 · Medium · Jan 10, 2020
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    DOMPDF before 0.6.2 allows denial of service.

  • CVE-2019-17592 · High · Oct 14, 2019
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.

  • CVE-2019-12041 · High · May 13, 2019
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.

  • CVE-2019-5419 · High · Mar 27, 2019
    risk 0.42 · CVSS 7.5 · EPSS 0.09

    There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted Accept headers can cause Action View to consume 100% CPU and make the server unresponsive.

  • CVE-2018-17419 · High · Mar 7, 2019
    risk 0.42 · CVSS 7.5 · EPSS 0.02

    An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.

  • CVE-2019-6986 · High · Jan 28, 2019
    risk 0.42 · CVSS 7.5 · EPSS 0.03

    SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.

  • CVE-2018-17581 · Medium · Sep 28, 2018
    risk 0.42 · CVSS 6.5 · EPSS 0.02

    CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to denial of service.