CWE-400
Uncontrolled Resource Consumption
Description
The product does not properly control the allocation and maintenance of a limited resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-147 · CAPEC-227 · CAPEC-492
CVEs mapped to this weakness (1,853)
page 51 of 93| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40951 | Med | 0.36 | 5.5 | 0.00 | Apr 30, 2026 | CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service. | ||
| CVE-2026-6844 | Med | 0.36 | 5.5 | 0.00 | Apr 22, 2026 | A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead… | ||
| CVE-2026-20602 | Med | 0.36 | 5.5 | 0.00 | Feb 11, 2026 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to cause a denial-of-service. | ||
| CVE-2025-70347 | Med | 0.36 | 5.5 | 0.00 | Feb 10, 2026 | An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c. | ||
| CVE-2024-54192 | Med | 0.36 | 5.5 | 0.00 | Feb 10, 2026 | An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c. | ||
| CVE-2025-66019 | Med | 0.36 | — | 0.00 | Nov 26, 2025 | pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This… | ||
| CVE-2025-27249 | — | Med | 0.36 | 5.5 | 0.00 | Nov 11, 2025 | Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result… | |
| CVE-2025-61155 | Med | 0.36 | 5.5 | 0.00 | Oct 28, 2025 | The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in… | ||
| CVE-2025-33177 | Med | 0.36 | 5.5 | 0.00 | Oct 14, 2025 | NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service. | ||
| CVE-2025-43295 | Med | 0.36 | 5.5 | 0.00 | Sep 15, 2025 | A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service. | ||
| CVE-2025-41227 | Med | 0.36 | 5.5 | 0.00 | May 20, 2025 | VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading… | ||
| CVE-2025-20616 | Med | 0.36 | 5.5 | 0.00 | May 13, 2025 | Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||
| CVE-2025-31251 | Med | 0.36 | 5.5 | 0.00 | May 12, 2025 | The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted media file may lead to… | ||
| CVE-2025-31245 | Med | 0.36 | 5.5 | 0.00 | May 12, 2025 | The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination. | ||
| CVE-2025-31226 | Med | 0.36 | 5.5 | 0.00 | May 12, 2025 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service. | ||
| CVE-2025-23246 | Med | 0.36 | 5.5 | 0.00 | May 1, 2025 | NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this vulnerability might lead to denial of service. | ||
| CVE-2025-27087 | — | Med | 0.36 | 5.5 | 0.00 | Apr 22, 2025 | A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack. | |
| CVE-2025-24235 | Med | 0.36 | 5.5 | 0.00 | Mar 31, 2025 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption. | ||
| CVE-2025-24199 | Med | 0.36 | 5.5 | 0.00 | Mar 31, 2025 | An uncontrolled format string issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause a denial-of-service. | ||
| CVE-2024-44192 | Med | 0.36 | 5.5 | 0.00 | Mar 10, 2025 | The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash. |
- risk 0.36cvss 5.5epss 0.00
CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service.
- risk 0.36cvss 5.5epss 0.00
A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead…
- risk 0.36cvss 5.5epss 0.00
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to cause a denial-of-service.
- risk 0.36cvss 5.5epss 0.00
An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c.
- risk 0.36cvss 5.5epss 0.00
An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.
- risk 0.36cvss —epss 0.00
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This…
- risk 0.36cvss 5.5epss 0.00
Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result…
- risk 0.36cvss 5.5epss 0.00
The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in…
- risk 0.36cvss 5.5epss 0.00
NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service.
- risk 0.36cvss 5.5epss 0.00
A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.
- risk 0.36cvss 5.5epss 0.00
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading…
- risk 0.36cvss 5.5epss 0.00
Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
- risk 0.36cvss 5.5epss 0.00
The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted media file may lead to…
- risk 0.36cvss 5.5epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination.
- risk 0.36cvss 5.5epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service.
- risk 0.36cvss 5.5epss 0.00
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this vulnerability might lead to denial of service.
- risk 0.36cvss 5.5epss 0.00
A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.
- risk 0.36cvss 5.5epss 0.00
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.
- risk 0.36cvss 5.5epss 0.00
An uncontrolled format string issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause a denial-of-service.
- risk 0.36cvss 5.5epss 0.00
The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.