VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 48 of 93
  • CVE-2020-14340 · Med · Jun 2, 2021
    risk 0.39 · cvss 5.9 · epss 0.02

    A vulnerability was discovered in XNIO where a file descriptor leak is caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

  • CVE-2017-15130 · Med · Mar 2, 2018
    risk 0.39 · cvss 5.9 · epss 0.03

    A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and causing the process to restart.

  • CVE-2017-14360 · Med · Nov 8, 2017
    risk 0.39 · cvss 5.9 · epss 0.02

    A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).

  • CVE-2017-15596 · Med · Oct 18, 2017
    risk 0.39 · cvss 6.0 · epss 0.00

    An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.

  • CVE-2017-9259 · Med · Jul 27, 2017
    risk 0.39 · cvss 5.5 · epss 0.06

    The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.

  • CVE-2017-7521 · Med · Jun 27, 2017
    risk 0.39 · cvss 5.9 · epss 0.04

    OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and a double-free issue in extract_x509_extension().

  • CVE-2017-9129 · Med · Jun 21, 2017
    risk 0.39 · cvss 5.5 · epss 0.03

    The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file.

  • CVE-2017-6024 · Med · May 6, 2017
    risk 0.39 · cvss 5.9 · epss 0.03

    A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an…

  • CVE-2017-5544 · Med · Jan 23, 2017
    risk 0.39 · cvss 5.9 · epss 0.05

    An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login…

  • CVE-2016-6307 · Med · Sep 26, 2016
    risk 0.39 · cvss 5.9 · epss 0.14

    The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and…

  • CVE-2016-4037 · Med · May 23, 2016
    risk 0.39 · cvss 6.0 · epss 0.00

    The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

  • CVE-2009-3621 · Med · Oct 22, 2009
    risk 0.39 · cvss 5.5 · epss 0.01

    net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect…

  • CVE-2026-55446 · hig · Jun 19, 2026
    risk 0.38 · cvss · epss 0.00

    Summary: An attacker can send a `/api/v1/files/upload/` request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time. Details: …

  • CVE-2026-54772 · hig · Jun 19, 2026
    risk 0.38 · cvss · epss

    Impact: An unauthenticated remote attacker can pin one server thread-pool worker at 100% CPU per connection. With a few connections, the CPU usage can be exhausted. Preconditions: An attacker being able to reach a service which is exposing an endpoint using one of…

  • CVE-2026-53539 · hig · Jun 15, 2026
    risk 0.38 · cvss · epss 0.00

    Summary: When parsing `application/x-www-form-urlencoded` bodies, `QuerystringParser` located the field separator with a two-step lookup: it first scanned the entire remaining buffer for `&`, and only when no `&` existed anywhere ahead did it fall back to scanning for `;`.…

  • CVE-2026-50171 · hig · Jun 15, 2026
    risk 0.38 · cvss · epss 0.00

    A Denial of Service (DoS) vulnerability exists in the `@angular/common` package of Angular. The `formatNumber` function, which is also utilized by `DecimalPipe`, `PercentPipe`, and `CurrencyPipe`, does not properly validate the upper bounds of the `digitsInfo` parameter.…

  • CVE-2025-53114 · hig · Jun 10, 2026
    risk 0.38 · cvss · epss 0.00

    Impact: Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send (JSON): { …

  • CVE-2026-41721 · Med · Jun 10, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the…

  • CVE-2026-41711 · Med · Jun 10, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through…

  • CVE-2026-41840 · Med · Jun 9, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.