VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 44 of 93
  • CVE-2018-0285 · Med · May 2, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain…

  • CVE-2018-1277 · Med · Apr 30, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially…

  • CVE-2018-7876 · Med · Mar 8, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.

  • CVE-2017-18214 · Hig · Mar 4, 2018
    risk 0.42 · cvss 7.5 · epss 0.04

    The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

  • CVE-2018-7540 · Med · Feb 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.

  • CVE-2017-13233 · Med · Feb 12, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0,…

  • CVE-2017-6198 · Med · Feb 6, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.

  • CVE-2017-15133 · Hig · Jan 29, 2018
    risk 0.42 · cvss 7.5 · epss 0.02

    A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.

  • CVE-2018-5784 · Med · Jan 19, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is…

  • CVE-2016-10707 · Hig · Jan 18, 2018
    risk 0.42 · cvss 7.5 · epss 0.03

    jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

  • CVE-2018-0004 · Med · Jan 10, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more…

  • CVE-2017-1000476 · Med · Jan 3, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.

  • CVE-2016-10703 · Hig · Dec 14, 2017
    risk 0.42 · cvss 7.5 · epss 0.03

    A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.

  • CVE-2017-17682 · Med · Dec 14, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.

  • CVE-2017-15701 · Hig · Dec 1, 2017
    risk 0.42 · cvss 7.5 · epss 0.04

    In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older…

  • CVE-2017-12190 · Med · Nov 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference…

  • CVE-2017-14696 · Hig · Oct 24, 2017
    risk 0.42 · cvss 7.5 · epss 0.03

    SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.

  • CVE-2014-7813 · Med · Oct 18, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols.

  • CVE-2017-15010 · Hig · Oct 4, 2017
    risk 0.42 · cvss 7.5 · epss 0.03

    A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.

  • CVE-2017-14342 · Med · Sep 12, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.