VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 71 of 93
  • CVE-2026-31051 · Low · Apr 24, 2026
    risk 0.25 · cvss 3.8 · epss 0.00

    An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component

  • CVE-2025-26863 · Low · Aug 12, 2025
    risk 0.25 · cvss 3.8 · epss 0.00

    Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service.

  • CVE-2024-28717 · Med · Apr 22, 2024
    risk 0.25 · cvss 4.9 · epss 0.01

    An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.

  • CVE-2023-46120 · Med · Oct 25, 2023
    risk 0.25 · cvss 4.9 · epss 0.01

    The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error.…

  • CVE-2023-28837 · Med · Apr 3, 2023
    risk 0.25 · cvss 4.9 · epss 0.01

    Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional…

  • CVE-2020-8123 · Med · Feb 4, 2020
    risk 0.25 · cvss 4.9 · epss 0.01

    A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to arbitrary restart of the application.

  • CVE-2025-4444 · Low · Sep 18, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated…

  • CVE-2025-8537 · Low · Aug 5, 2025
    risk 0.24 · cvss 3.7 · epss 0.01

    A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to…

  • CVE-2022-36114 · Med · Sep 14, 2022
    risk 0.24 · cvss 4.8 · epss 0.01

    Cargo is a package manager for the Rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size…

  • CVE-2021-23346 · Med · Mar 4, 2021
    risk 0.24 · cvss 4.8 · epss 0.02

    This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.

  • CVE-2025-27250 · Low · Aug 12, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.

  • CVE-2025-20084 · Low · May 13, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.

  • CVE-2025-20057 · Low · May 13, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.

  • CVE-2023-3163 · Low · Jun 8, 2023
    risk 0.23 · cvss 3.5 · epss 0.01

    A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.

  • CVE-1999-0159 · Low · Aug 12, 1998
    risk 0.23 · cvss 3.5 · epss 0.01

    Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.

  • CVE-2024-37535 · Med · Jun 9, 2024
    risk 0.22 · cvss 4.4 · epss 0.00

    GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.

  • CVE-2023-37900 · Low · Jul 27, 2023
    risk 0.22 · cvss 3.4 · epss 0.01

    Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse,…

  • CVE-2021-23351 · Med · Mar 8, 2021
    risk 0.22 · cvss 4.4 · epss 0.02

    The package github.com/pires/go-proxyproto before 0.5.0 is vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no…

  • CVE-2026-11478 · Low · Jun 8, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is…

  • CVE-2026-10802 · Med · Jun 4, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible…