VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

  • CVE-2025-12194 · Med · Oct 24, 2025
    risk 0.31 · cvss · epss 0.00

    Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This…

  • CVE-2024-10846 · Med · Jan 23, 2025
    risk 0.31 · cvss 5.9 · epss 0.00

    The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7…

  • CVE-2024-13058 · Med · Dec 30, 2024
    risk 0.31 · cvss · epss 0.00

    An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related…

  • CVE-2023-47124 · Med · Dec 4, 2023
    risk 0.31 · cvss 5.9 · epss 0.01

    Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a…

  • CVE-2023-3894 · Med · Aug 8, 2023
    risk 0.31 · cvss 5.8 · epss 0.01

    Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of…

  • CVE-2023-28846 · Med · Mar 30, 2023
    risk 0.31 · cvss 5.9 · epss 0.01

    Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the `unpoly-rails` gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an…

  • CVE-2023-27483 · Med · Mar 9, 2023
    risk 0.31 · cvss 5.9 · epss 0.01

    crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided…

  • CVE-2023-23631 · Med · Feb 9, 2023
    risk 0.31 · cvss 5.9 · epss 0.01

    github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions prior to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted…

  • CVE-2023-23625 · Med · Feb 9, 2023
    risk 0.31 · cvss 5.9 · epss 0.01

    go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by…

  • CVE-2022-39280 · Med · Oct 6, 2022
    risk 0.31 · cvss 5.9 · epss 0.01

    dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contains a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been…

  • CVE-2022-2596 · Med · Aug 1, 2022
    risk 0.31 · cvss 5.9 · epss 0.01

    Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

  • CVE-2022-29177 · Med · May 20, 2022
    risk 0.31 · cvss 5.9 · epss 0.01

    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17…

  • CVE-2016-10544 · Med · May 31, 2018
    risk 0.31 · cvss 5.9 · epss 0.01

    uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb…

  • CVE-2018-7651 · Med · Mar 4, 2018
    risk 0.31 · cvss 5.9 · epss 0.02

    index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.

  • CVE-2015-3248 · Med · Sep 26, 2017
    risk 0.31 · cvss 4.7 · epss 0.00

    openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).

  • CVE-2016-6213 · Med · Dec 28, 2016
    risk 0.31 · cvss 4.7 · epss 0.00

    fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers…

  • CVE-2026-47734 · Med · Jun 10, 2026
    risk 0.30 · cvss 5.7 · epss 0.00

    Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~174 bytes) whose delta header declares a huge dest_size. When dulwich ingested…

  • CVE-2026-49324 · Med · May 29, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a…

  • CVE-2025-26500 · Med · Mar 21, 2025
    risk 0.30 · cvss 4.6 · epss 0.00

    Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation. Specifically crafted USB packets may lead to the system becoming unavailable. This issue affects VxWorks 7: from 22.06 through 24.03.

  • CVE-2024-37904 · Med · Jun 18, 2024
    risk 0.30 · cvss 5.7 · epss 0.00

    Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users' repositories using the `github.com/go-git/go-git/v5` library on lines…