VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood of Exploit: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 64 of 93
  • CVE-2022-31078 · Medium · Jul 11, 2022
    risk 0.29 · CVSS 4.4 · EPSS 0.01

    KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler.…

  • CVE-2022-31074 · Medium · Jul 11, 2022
    risk 0.29 · CVSS 4.5 · EPSS 0.01

    KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request…

  • CVE-2022-31030 · Medium · Jun 9, 2022
    risk 0.29 · CVSS 5.5 · EPSS 0.00

    containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume…

  • CVE-2022-29202 · Medium · May 20, 2022
    risk 0.29 · CVSS 5.5 · EPSS 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions…

  • CVE-2022-25326 · Medium · Feb 25, 2022
    risk 0.29 · CVSS 5.5 · EPSS 0.00

    fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories…

  • CVE-2021-44228 · Critical · KEV · Dec 10, 2021
    risk 0.29 · CVSS 10.0 · EPSS 1.00

    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log…

  • CVE-2021-3909 · Medium · Nov 11, 2021
    risk 0.29 · CVSS 4.4 · EPSS 0.02

    OctoRPKI does not limit the length of a connection, allowing for a slowloris DoS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but…

  • CVE-2021-26307 · Medium · Jan 29, 2021
    risk 0.29 · CVSS 5.5 · EPSS 0.00

    An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.

  • CVE-2020-35916 · Medium · Dec 31, 2020
    risk 0.29 · CVSS 5.5 · EPSS 0.00

    An issue was discovered in the image crate before 0.23.12 for Rust. A mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)

  • CVE-2020-7765 · Medium · Nov 16, 2020
    risk 0.29 · CVSS 5.6 · EPSS 0.01

    This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on whether user input is provided, an attacker can overwrite and pollute the object prototype of a program.

  • CVE-2020-8175 · Medium · Jul 24, 2020
    risk 0.29 · CVSS 5.5 · EPSS 0.01

    Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image.

  • CVE-2020-8557 · Medium · Jul 23, 2020
    risk 0.29 · CVSS 5.5 · EPSS 0.01

    The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when…

  • CVE-2019-16892 · Medium · Sep 25, 2019
    risk 0.29 · CVSS 5.5 · EPSS 0.02

    In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

  • CVE-2018-17977 · Medium · Oct 8, 2018
    risk 0.29 · CVSS 4.4 · EPSS 0.00

    The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications,…

  • CVE-2018-15853 · Medium · Aug 25, 2018
    risk 0.29 · CVSS 5.5 · EPSS 0.01

    Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

  • CVE-2016-10058 · Medium · Mar 23, 2017
    risk 0.29 · CVSS 5.5 · EPSS 0.02

    Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.

  • CVE-2016-10047 · Medium · Mar 23, 2017
    risk 0.29 · CVSS 5.5 · EPSS 0.02

    Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.

  • CVE-2014-8559 · Medium · Nov 10, 2014
    risk 0.29 · CVSS 5.5 · EPSS 0.01

    The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

  • CVE-2014-3690 · Medium · Nov 10, 2014
    risk 0.29 · CVSS 5.5 · EPSS 0.01

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system…

  • CVE-2014-7970 · Medium · Oct 13, 2014
    risk 0.29 · CVSS 5.5 · EPSS 0.01

    The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the…
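Several entries on this page share one root cause: the consumer either reads an input to completion with no cap on what it will hold (the KubeEdge router placing no limit on response size, containerd buffering ExecSync output without bound) or trusts a size the input declares about itself (Rubyzip accepting a spoofed uncompressed size, jpeg-js and tf.ragged.constant inflating crafted inputs). The following Go program is an added example written for this page, not code from any of the listed projects. It constructs a gzip stream of a few KiB that decompresses to 8 MiB while its ISIZE trailer claims 1 KiB, then contrasts the unbounded read, which allocates the full 8 MiB before gzip's integrity check finally fails, with a reader that caps decompressed output. All function names, sizes and the sample stream are constructed for the illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when the decompressed stream exceeds the caller's budget.
var ErrTooLarge = errors.New("decompressed data exceeds size limit")

// buildSpoofedGzipBomb returns a gzip stream (constructed sample input) that
// inflates to actualSize zero bytes but whose ISIZE trailer field claims
// claimedSize bytes. ISIZE is the last 4 bytes of a gzip member (little
// endian, uncompressed length mod 2^32) and is fully attacker controlled.
func buildSpoofedGzipBomb(actualSize int, claimedSize uint32) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, actualSize)) // runs of zeros compress roughly 1000:1
	zw.Close()
	b := buf.Bytes()
	binary.LittleEndian.PutUint32(b[len(b)-4:], claimedSize)
	return b
}

// declaredSize mirrors the flawed check: trust the size the archive declares.
func declaredSize(gz []byte) uint32 {
	return binary.LittleEndian.Uint32(gz[len(gz)-4:])
}

// readAllUnbounded is the vulnerable pattern: io.ReadAll on a decompressing
// reader allocates whatever the stream expands to. gzip does report the
// ISIZE mismatch as ErrChecksum, but only after every byte has been inflated
// and buffered, so the check arrives after the memory is already spent.
func readAllUnbounded(gz []byte) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(gz))
	if err != nil {
		return nil, err
	}
	return io.ReadAll(zr)
}

// readBounded inflates at most maxBytes of output. The cap sits on the
// decompressed side of the reader, so neither the compressed length nor any
// size the stream declares about itself is trusted.
func readBounded(gz []byte, maxBytes int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(gz))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	// Read one byte past the budget so "exactly maxBytes" and "over" differ.
	data, err := io.ReadAll(io.LimitReader(zr, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > maxBytes {
		return nil, ErrTooLarge
	}
	return data, nil
}

func main() {
	const actual = 8 << 20 // 8 MiB once decompressed
	const budget = 1 << 20 // the caller is willing to hold 1 MiB
	bomb := buildSpoofedGzipBomb(actual, 1024) // a few KiB on the wire, claims 1 KiB

	fmt.Printf("compressed: %d bytes, declared uncompressed: %d bytes\n",
		len(bomb), declaredSize(bomb))

	data, err := readAllUnbounded(bomb)
	fmt.Printf("unbounded read: buffered %d bytes before err=%v\n", len(data), err)

	_, err = readBounded(bomb, budget)
	fmt.Printf("bounded read: err=%v\n", err)
}
```

The point of the contrast is where the limit lives. A check on the compressed length or on the declared size (the Rubyzip case) tests a value the attacker wrote; a cap on the inflated bytes tests the resource actually being consumed. The same io.LimitReader shape applied to an HTTP response body is the fix for the unbounded-response class of issues, and http.MaxBytesReader is the server-side equivalent for request bodies.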