VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 65 of 93
  • CVE-2013-2128 · Med · Jun 7, 2013
    risk 0.29 · cvss 5.5 · epss 0.00

    The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.

  • CVE-2011-2906 · Med · May 24, 2012
    risk 0.29 · cvss 5.5 · epss 0.00

    Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may…

  • CVE-2012-0879 · Med · May 17, 2012
    risk 0.29 · cvss 5.5 · epss 0.00

    The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

  • CVE-2012-0058 · Med · May 17, 2012
    risk 0.29 · cvss 5.5 · epss 0.00

    The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management.

  • CVE-2026-10156 · Med · May 31, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nf_info_pool can lead to resource consumption. The attack may…

  • CVE-2026-8769 · Med · May 17, 2026
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource…

  • CVE-2026-42006 · Med · May 12, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open…

  • CVE-2026-6797 · Med · Apr 21, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption.…

  • CVE-2026-6601 · Med · Apr 20, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may…

  • CVE-2026-26477 · Med · Apr 3, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file.

  • CVE-2026-5316 · Med · Apr 2, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might…

  • CVE-2025-7579 · Med · Jul 14, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has…

  • CVE-2025-53636 · Med · Jul 11, 2025
    risk 0.28 · cvss 5.4 · epss 0.00

    Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and…

  • CVE-2025-7074 · Med · Jul 5, 2025
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to…

  • CVE-2025-5892 · Med · Jun 9, 2025
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient…

  • CVE-2025-5890 · Med · Jun 9, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is…

  • CVE-2024-25132 · Med · Mar 19, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the…

  • CVE-2024-34036 · Med · Feb 25, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp.

  • CVE-2024-38809 · Med · Sep 27, 2024
    risk 0.28 · cvss 5.3 · epss 0.01

    Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and…

  • CVE-2024-35221 · Med · May 29, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases…