VYPR

CWE-400

Uncontrolled Resource Consumption

ClassDraftLikelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 45 of 93
  • CVE-2017-14341MedSep 12, 2017
    risk 0.42cvss 6.5epss 0.02

    ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.

  • CVE-2017-14223MedSep 9, 2017
    risk 0.42cvss 6.5epss 0.03

    In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is…

  • CVE-2015-5695MedAug 31, 2017
    risk 0.42cvss 6.5epss 0.02

    Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a…

  • CVE-2015-2313HigAug 9, 2017
    risk 0.42cvss 7.5epss 0.02

    Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this…

  • CVE-2015-2312HigAug 9, 2017
    risk 0.42cvss 7.5epss 0.02

    Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements.

  • CVE-2017-12140MedAug 2, 2017
    risk 0.42cvss 6.5epss 0.02

    The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.

  • CVE-2017-11530MedJul 23, 2017
    risk 0.42cvss 6.5epss 0.02

    The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

  • CVE-2017-11527MedJul 23, 2017
    risk 0.42cvss 6.5epss 0.02

    The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

  • CVE-2017-11526MedJul 23, 2017
    risk 0.42cvss 6.5epss 0.03

    The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.

  • CVE-2016-6312MedJul 17, 2017
    risk 0.42cvss 6.5epss 0.02

    The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of…

  • CVE-2017-7670HigJul 10, 2017
    risk 0.42cvss 7.5epss 0.05

    The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or…

  • CVE-2017-2681MedMay 11, 2017
    risk 0.42cvss 6.5epss 0.01

    Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

  • CVE-2017-2680MedMay 11, 2017
    risk 0.42cvss 6.5epss 0.01

    Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

  • CVE-2017-8327MedApr 29, 2017
    risk 0.42cvss 6.5epss 0.03

    The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image.

  • CVE-2017-2333MedApr 24, 2017
    risk 0.42cvss 6.5epss 0.01

    A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by…

  • CVE-2016-8780MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition.

  • CVE-2017-5867MedMar 3, 2017
    risk 0.42cvss 6.5epss 0.01

    ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.

  • CVE-2015-5162HigOct 7, 2016
    risk 0.42cvss 7.5epss 0.03

    The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted…

  • CVE-2016-4592MedJul 22, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.

  • CVE-2016-5706HigJul 3, 2016
    risk 0.42cvss 7.5epss 0.03

    js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.