VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 63 of 93
  • CVE-2023-26470 · Med · Mar 2, 2023
    risk 0.30 · cvss 5.7 · epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). Most of the time this will fill the memory allocated to XWiki and…

  • CVE-2022-23471 · Med · Dec 7, 2022
    risk 0.30 · cvss 5.7 · epss 0.01

    containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails…

  • CVE-2021-21236 · Med · Jan 6, 2021
    risk 0.30 · cvss 5.7 · epss 0.01

    CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which…

  • CVE-2021-21235 · Med · Jan 6, 2021
    risk 0.30 · cvss 5.7 · epss 0.02

    kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version…

  • CVE-2020-26256 · Med · Dec 8, 2020
    risk 0.30 · cvss 5.7 · epss 0.02

    Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-csv before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using the ignoreEmpty option when parsing. This has been patched…

  • CVE-2020-5236 · Med · Feb 4, 2020
    risk 0.30 · cvss 5.7 · epss 0.03

    Waitress version 1.4.2 allows a DoS attack when waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack, causing the process to use…

  • CVE-2018-16487 · Med · Feb 1, 2019
    risk 0.30 · cvss 5.6 · epss 0.02

    A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

  • CVE-2026-45078 · Med · May 28, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.

  • CVE-2026-48155 · Med · May 28, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0.

  • CVE-2026-35901 · Med · Apr 27, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset…

  • CVE-2026-6060 · Med · Apr 20, 2026
    risk 0.29 · cvss 4.5 · epss 0.00

    A vulnerability in the SQL Box in the admin interface of OTRS leads to uncontrolled resource consumption, resulting in a DoS against the webserver (it will be killed by the system). This issue affects OTRS: 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, 2026.X…

  • CVE-2025-13466 · Med · Nov 24, 2025
    risk 0.29 · cvss n/a · epss 0.00

    body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and…

  • CVE-2025-22242 · Med · Jun 13, 2025
    risk 0.29 · cvss 5.6 · epss 0.00

    Worker process denial of service through file read operation. A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could…

  • CVE-2024-12345 · Med · Jan 27, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. It is possible to…

  • CVE-2023-33202 · Med · Nov 23, 2023
    risk 0.29 · cvss 5.5 · epss 0.01

    Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a…

  • CVE-2023-42503 · Med · Sep 14, 2023
    risk 0.29 · cvss 5.5 · epss 0.00

    Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party…

  • CVE-2023-25399 · Med · Jul 5, 2023
    risk 0.29 · cvss 5.5 · epss 0.00

    A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.

  • CVE-2023-1289 · Med · Mar 23, 2023
    risk 0.29 · cvss 5.5 · epss 0.01

    A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp,"…

  • CVE-2022-31080 · Med · Jul 11, 2022
    risk 0.29 · cvss 4.4 · epss 0.01

    KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, a large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of…

  • CVE-2022-31079 · Med · Jul 11, 2022
    risk 0.29 · cvss 4.4 · epss 0.01

    KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the Cloud Stream server and the Edge Stream server read the entire message into memory without imposing a…