VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood of exploit: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 67 of 93
  • CVE-2022-28880 · Medium · Aug 5, 2022
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products: while scanning fuzzed PE32-bit files it is possible to crash the scanning engine. The exploit can be triggered remotely by an attacker.

  • CVE-2022-35915 · Medium · Aug 1, 2022
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue…

  • CVE-2022-31110 · Medium · Jun 29, 2022
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417 passing some special values to the `filter` and `filterout` parameters can cause an abnormally high CPU. This results in an impact on the performance of the servers and RSSHub services…

  • CVE-2022-1337 · Medium · Apr 13, 2022
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.

  • CVE-2022-27819 · Medium · Apr 7, 2022
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).

  • CVE-2022-21700 · Medium · Jan 18, 2022
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content Type header leads to a memory leak in DefaultArgumentConversionContext as this type…

  • CVE-2022-21670 · Medium · Jan 10, 2022
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.

  • CVE-2021-43843 · Medium · Dec 20, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot…

  • CVE-2021-43838 · Medium · Dec 17, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into `` tag, an internal…

  • CVE-2021-39171 · Medium · Aug 27, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service.…

  • CVE-2021-23392 · Medium · Jun 8, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function.

  • CVE-2020-28469 · Medium · Jun 3, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.04

    This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

  • CVE-2021-32640 · Medium · May 25, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.03

    ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425e…

  • CVE-2021-21419 · Medium · May 7, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames. A malicious peer may exhaust memory on the Eventlet side by sending a highly compressed data frame. A patch in version 0.31.0 restricts…

  • CVE-2021-23343 · Medium · May 4, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

  • CVE-2021-23364 · Medium · Apr 28, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

  • CVE-2021-23382 · Medium · Apr 26, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.03

    The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).

  • CVE-2021-29469 · Medium · Apr 23, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.02

    Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version…

  • CVE-2021-23368 · Medium · Apr 12, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.04

    The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

  • CVE-2018-1109 · Medium · Mar 30, 2021
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.