VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 66 of 93
  • CVE-2023-46442 · Med · May 24, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS).

  • CVE-2024-1300 · Med · Apr 2, 2024
    risk 0.28 · cvss 5.4 · epss 0.01

    A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server…

  • CVE-2023-50966 · Med · Mar 19, 2024
    risk 0.28 · cvss 5.3 · epss 0.01

    erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.

  • CVE-2023-6193 · Med · Dec 12, 2023
    risk 0.28 · cvss 5.3 · epss 0.01

    quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by…

  • CVE-2023-49290 · Med · Dec 5, 2023
    risk 0.28 · cvss 5.3 · epss 0.01

    lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header…

  • CVE-2023-48369 · Med · Nov 27, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.

  • CVE-2023-48268 · Med · Nov 27, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

  • CVE-2023-40703 · Med · Nov 27, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string.

  • CVE-2023-5349 · Med · Oct 30, 2023
    risk 0.28 · cvss 5.3 · epss 0.01

    A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) by memory exhaustion.

  • CVE-2023-26144 · Med · Sep 20, 2023
    risk 0.28 · cvss 5.3 · epss 0.01

    Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system…

  • CVE-2023-3637 · Med · Jul 25, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to…

  • CVE-2023-33958 · Med · Jun 6, 2023
    risk 0.28 · cvss 5.4 · epss 0.00

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the…

  • CVE-2023-26044 · Med · May 17, 2023
    risk 0.28 · cvss 5.3 · epss 0.01

    react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability…

  • CVE-2023-26048 · Med · Apr 18, 2023
    risk 0.28 · cvss 5.3 · epss 0.03

    Jetty is a Java-based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends…

  • CVE-2023-28626 · Med · Mar 28, 2023
    risk 0.28 · cvss 5.3 · epss 0.01

    comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in…

  • CVE-2022-25927 · Med · Jan 26, 2023
    risk 0.28 · cvss 5.3 · epss 0.02

    Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

  • CVE-2022-4565 · Med · Dec 16, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been…

  • CVE-2022-23524 · Med · Dec 15, 2022
    risk 0.28 · cvss 5.3 · epss 0.01

    Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow…

  • CVE-2022-21222 · Med · Sep 30, 2022
    risk 0.28 · cvss 5.3 · epss 0.01

    The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.

  • CVE-2022-36083 · Med · Sep 7, 2022
    risk 0.28 · cvss 5.3 · epss 0.01

    JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named `p2c` PBES2…