VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 70 of 93
  • CVE-2025-48038 · Med · Sep 11, 2025
    risk 0.27 · cvss n/a · epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until…

  • CVE-2025-58369 · Med · Sep 5, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks through TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When…

  • CVE-2025-8449 · Med · Aug 20, 2025
    risk 0.27 · cvss n/a · epss 0.00

    CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.

  • CVE-2025-55152 · Med · Aug 9, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or…

  • CVE-2025-54575 · Med · Jul 30, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting…

  • CVE-2024-12579 · Med · Dec 13, 2024
    risk 0.27 · cvss 5.3 · epss 0.00

    The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create…

  • CVE-2024-38520 · Med · Jun 26, 2024
    risk 0.27 · cvss 5.3 · epss 0.01

    SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet…

  • CVE-2024-35194 · Med · May 20, 2024
    risk 0.27 · cvss 5.3 · epss 0.00

    Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use…

  • CVE-2024-35185 · Med · May 16, 2024
    risk 0.27 · cvss 5.3 · epss 0.00

    Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST…

  • CVE-2024-31209 · Med · Apr 4, 2024
    risk 0.27 · cvss 5.3 · epss 0.00

    oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in…

  • CVE-2018-25100 · Med · Mar 24, 2024
    risk 0.27 · cvss 5.3 · epss 0.01

    The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.

  • CVE-2023-6180 · Med · Dec 5, 2023
    risk 0.27 · cvss 5.3 · epss 0.01

    The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each…

  • CVE-2023-5969 · Med · Nov 6, 2023
    risk 0.27 · cvss 5.3 · epss 0.01

    Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.

  • CVE-2023-45810 · Med · Oct 17, 2023
    risk 0.27 · cvss 5.3 · epss 0.01

    OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not…

  • CVE-2026-49762 · Med · Jun 9, 2026
    risk 0.26 · cvss n/a · epss 0.00

    Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components (major, minor,…

  • CVE-2025-55631 · Med · Aug 22, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to manage users' sessions system wide instead of an account-by-account basis, potentially leading to a Denial of Service (DoS) via resource exhaustion. NOTE: the Supplier…

  • CVE-2018-18855 · Med · Jun 28, 2022
    risk 0.26 · cvss n/a · epss 0.01

    Recursive descent parsers are susceptible to StackOverflowExceptions on too deeply nested structures as currently "open" parsing state is kept on the stack.

  • CVE-2014-8881 · Med · Sep 1, 2020
    risk 0.26 · cvss n/a · epss 0.02

    All versions of the `bleach` package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation: The `bleach` package is not currently maintained, and has not seen an update since 2014. …

  • CVE-2017-3793 · Med · Apr 20, 2017
    risk 0.26 · cvss 4.0 · epss 0.02

    A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further…

  • CVE-2026-5308 · Med · May 22, 2026
    risk 0.25 · cvss 4.9 · epss 0.00

    Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests. Mattermost Advisory ID:…