VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 46 of 93
  • CVE-2014-3672 · Med · May 25, 2016
    risk 0.42 · cvss 6.5 · epss 0.00

    The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

  • CVE-2016-1784 · Med · Mar 24, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.

  • CVE-2014-3687 · High · Nov 10, 2014
    risk 0.42 · cvss 7.5 · epss 0.09

    The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect…

  • CVE-2012-0260 · Med · Jun 5, 2012
    risk 0.42 · cvss 6.5 · epss 0.02

    The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

  • CVE-2024-13065 · Med · Sep 3, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 - Flooding. This issue affects MyRezzta: from s2.02.02 before v2.05.01.

  • CVE-2022-3423 · High · Oct 7, 2022
    risk 0.41 · cvss 7.3 · epss 0.02

    Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.

  • CVE-2022-29167 · High · May 5, 2022
    risk 0.41 · cvss 7.4 · epss 0.01

    Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression…

  • CVE-2021-32723 · High · Jun 28, 2021
    risk 0.41 · cvss 7.4 · epss 0.01

    Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight.…

  • CVE-2020-28495 · High · Feb 2, 2021
    risk 0.41 · cvss 7.3 · epss 0.04

    This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the…

  • CVE-2020-7766 · High · Nov 10, 2020
    risk 0.41 · cvss 7.3 · epss 0.02

    This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does…

  • CVE-2026-47905 · Med · Jun 9, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-47904 · Med · Jun 9, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-47902 · Med · Jun 9, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-34678 · Med · May 12, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in…

  • CVE-2026-34677 · Med · May 12, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in…

  • CVE-2026-34673 · Med · May 12, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in…

  • CVE-2026-43653 · Med · May 11, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.

  • CVE-2026-43870 · High · May 5, 2026
    risk 0.40 · cvss 7.3 · epss 0.00

    Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue…

  • CVE-2026-0049 · Med · Apr 6, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-60419 · Med · Oct 24, 2025
    risk 0.40 · cvss 6.2 · epss 0.00

    An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service.