VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 53 of 93
  • CVE-2018-11797 · Med · Oct 5, 2018
    risk 0.36 · cvss 5.5 · epss 0.04

    In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

  • CVE-2018-17985 · Med · Oct 4, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.

  • CVE-2016-9040 · Med · Sep 7, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    An exploitable denial of service exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and…

  • CVE-2018-6554 · Med · Sep 4, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.

  • CVE-2018-12641 · Med · Jun 22, 2018
    risk 0.36 · cvss 5.5 · epss 0.02

    An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name,…

  • CVE-2018-12066 · Med · Jun 8, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.

  • CVE-2017-15323 · Med · Mar 9, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00,…

  • CVE-2015-9253 · Med · Feb 19, 2018
    risk 0.36 · cvss 6.5 · epss 0.04

    An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN…

  • CVE-2018-6616 · Med · Feb 4, 2018
    risk 0.36 · cvss 5.5 · epss 0.02

    In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

  • CVE-2018-6352 · Med · Jan 27, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.

  • CVE-2017-2734 · Med · Nov 22, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    P9 Plus smartphones with software versions earlier than VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface,…

  • CVE-2017-2690 · Med · Nov 22, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    SoftCo with software V200R003C20, eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30, eSpace U1911 with software V200R003C20, V200R003C30, eSpace U1930 with software V200R003C20 and V200R003C30, eSpace U1960 with software V200R003C20, V200R003C30, eSpace U1980 with…

  • CVE-2017-15298 · Med · Oct 14, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not…

  • CVE-2017-10613 · Med · Oct 13, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface…

  • CVE-2017-14988 · Med · Oct 3, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third…

  • CVE-2017-14108 · Med · Sep 5, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.

  • CVE-2017-11140 · Med · Jul 10, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.

  • CVE-2017-0690 · Med · Jul 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202.

  • CVE-2017-10800 · Med · Jul 3, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.

  • CVE-2017-10799 · Med · Jul 3, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().