VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 78 of 93
  • CVE-2021-45700 · Dec 26, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.

  • CVE-2021-45711 · Dec 26, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.

  • CVE-2021-23490 · Dec 24, 2021
    risk 0.00 · cvss · epss 0.02

    The package parse-link-header before 2.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.

  • CVE-2021-43854 · Dec 23, 2021
    risk 0.00 · cvss · epss 0.03

    NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The…

  • CVE-2021-43843 · Dec 20, 2021
    risk 0.00 · cvss · epss 0.02

    jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot…

  • CVE-2021-43838 · Dec 17, 2021
    risk 0.00 · cvss · epss 0.01

    jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into the `` tag, an internal…

  • CVE-2020-35210 · Dec 16, 2021
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.

  • CVE-2021-3912 · Nov 11, 2021
    risk 0.00 · cvss · epss 0.01

    OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).

  • CVE-2021-3909 · Nov 11, 2021
    risk 0.00 · cvss · epss 0.02

    OctoRPKI does not limit the length of a connection, allowing for a slowloris DoS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but…

  • CVE-2021-3908 · Nov 11, 2021
    risk 0.00 · cvss · epss 0.01

    OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

  • CVE-2021-41186 · Oct 29, 2021
    risk 0.00 · cvss · epss 0.02

    Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain…

  • CVE-2021-42836 · Oct 22, 2021
    risk 0.00 · cvss · epss 0.02

    GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

  • CVE-2021-41167 · Oct 20, 2021
    risk 0.00 · cvss · epss 0.02

    modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions there is a bug affecting two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but,…

  • CVE-2021-37136 · Oct 19, 2021
    risk 0.00 · cvss · epss 0.06

    The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack.

  • CVE-2021-37137 · Oct 19, 2021
    risk 0.00 · cvss · epss 0.06

    The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be…

  • CVE-2021-33609 · Oct 13, 2021
    risk 0.00 · cvss · epss 0.01

    Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows an authenticated network attacker to cause heap exhaustion by requesting too many rows of data.

  • CVE-2021-3822 · Sep 27, 2021
    risk 0.00 · cvss · epss 0.01

    jsoneditor is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-39229 · Sep 20, 2021
    risk 0.00 · cvss · epss 0.02

    Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions, users of Apprise who are granted access to the IFTTT plugin (which just comes out of the box) are subject to a…

  • CVE-2021-32838 · Sep 20, 2021
    risk 0.00 · cvss · epss 0.02

    Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.

  • CVE-2021-32839 · Sep 20, 2021
    risk 0.00 · cvss · epss 0.02

    sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability in sqlparse. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n'…
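Most of the entries on this page (parse-link-header, NLTK, jsx-slack, Fluentd, GJSON, jsoneditor, Flask-RESTX, sqlparse) are ReDoS: a pattern with an ambiguous, nested quantifier that the backtracking engine explores in exponentially many ways on input that can never match. The block below is an added illustration written for this page, not code from any of those projects; the pattern, the length cap and the inputs are constructed for the demonstration and do not reproduce any listed CVE's actual regex. It shows the ambiguous shape beside an unambiguous rewrite of the same language, plus the length check a validator should run before the regex ever sees attacker-controlled text.

```python
import re
import time

# Constructed example of the nested-quantifier shape behind the ReDoS entries:
# `\w+` inside a repeated group with an optional separator, so a run of word
# characters can be split between iterations in exponentially many ways.
VULNERABLE = re.compile(r"^(\w+\s?)*$")

# Unambiguous rewrite accepting exactly the same language: every iteration
# must end in a separator, and \w and \s are disjoint, so each position has
# only one way forward and a failing input is rejected in linear-ish time.
HARDENED = re.compile(r"^(?:\w+\s)*\w*$")

MAX_INPUT_LEN = 256  # assumed cap for the demo; derive it from the field's real limit


def is_word_list(text, pattern=HARDENED, max_len=MAX_INPUT_LEN):
    """Validate untrusted input: bound the length first, only then run the regex."""
    if len(text) > max_len:
        return False
    return pattern.fullmatch(text) is not None


def attack_string(n):
    """Constructed worst case: n word characters followed by one byte that cannot match."""
    return "a" * n + "!"


def match_time(pattern, text):
    """Seconds spent on a single match attempt, to expose the growth curve."""
    start = time.perf_counter()
    pattern.fullmatch(text)
    return time.perf_counter() - start


def patterns_agree(samples):
    """True when both patterns accept and reject exactly the same strings."""
    return all(
        (VULNERABLE.fullmatch(s) is None) == (HARDENED.fullmatch(s) is None)
        for s in samples
    )


if __name__ == "__main__":
    # Vulnerable time roughly doubles per added character; hardened stays flat.
    for n in (10, 12, 14, 16, 18):
        print(
            f"n={n:2d}  vulnerable={match_time(VULNERABLE, attack_string(n)):.4f}s"
            f"  hardened={match_time(HARDENED, attack_string(n)):.6f}s"
        )
```

Run it and watch the vulnerable column climb while the hardened one does not move; keep n small, because each added character doubles the work. The rewrite technique (make every repetition boundary unambiguous) is the general fix; the length cap is the defence in depth that holds even when a pattern is later changed.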
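The OctoRPKI GZIP-bomb entry (CVE-2021-3912), the Netty Bzip2Decoder and Snappy entries (CVE-2021-37136, CVE-2021-37137) and the Vaadin row-count entry (CVE-2021-33609) share one shape: the size of an allocation is taken from the untrusted stream instead of from a budget the receiver sets. The following is an added example for this page, not code from any of those projects; it uses Python's streaming zlib API, and the bomb, the output budget and the chunk size are constructed for the demonstration. It places the unbounded call beside a bounded one that stops as soon as the output budget is exceeded, before the full payload is ever materialised.

```python
import gzip
import zlib


class DecompressionBombError(Exception):
    """Raised when inflated output would exceed the configured budget."""


def inflate_unbounded(data):
    """The weakness: output size is whatever the attacker's stream says it is."""
    return zlib.decompress(data, wbits=zlib.MAX_WBITS | 32)  # 32: accept zlib or gzip header


def inflate_bounded(data, max_output, chunk=64 * 1024):
    """Inflate zlib- or gzip-wrapped `data`, aborting once output passes `max_output`.

    The streaming decompressor's max_length argument caps how much is produced
    per call; input it could not consume comes back in unconsumed_tail and is
    fed to the next round, so memory never exceeds the budget plus one chunk.
    """
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32)
    out = bytearray()
    buf = data
    while True:
        piece = d.decompress(buf, chunk)
        out += piece
        if len(out) > max_output:
            consumed = len(data) - len(d.unconsumed_tail)
            raise DecompressionBombError(
                f"output exceeded {max_output} bytes after {consumed} compressed bytes"
            )
        if d.eof:
            break
        buf = d.unconsumed_tail
        if not piece and not buf:
            break  # input ran out before end-of-stream: truncated, return the prefix
    return bytes(out)


def make_bomb(inflated_size):
    """Constructed sample: highly compressible zeros, a few KB on the wire."""
    return zlib.compress(b"\0" * inflated_size, 9)


def compression_ratio(compressed, inflated_size):
    """Inflated/compressed ratio; a cheap early signal that a limit is needed."""
    return inflated_size / len(compressed)


if __name__ == "__main__":
    bomb = make_bomb(8 * 1024 * 1024)
    print(f"bomb on the wire: {len(bomb)} bytes, ratio {compression_ratio(bomb, 8 * 1024 * 1024):.0f}:1")
    try:
        inflate_bounded(bomb, max_output=1_000_000)
    except DecompressionBombError as e:
        print("bounded inflate refused:", e)
```

The budget belongs to the receiver's resource model (available heap, per-request quota), never to a size field inside the stream, since that field is attacker-controlled. The same structure applies to any decoder that exposes a streaming interface; the Snappy entry's note about buffering whole chunks before checking them is the case where no such interface was used.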
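The OctoRPKI slowloris entry (CVE-2021-3909) describes a peer that holds a connection open for a day while the client waits with no limit on the connection's lifetime. The block below is an added example for this page, not OctoRPKI code; it simulates the exchange over a local socketpair with a constructed peer that drips one byte at a time, and the request line, interval and deadline values are chosen for the demonstration. The point it makes is that a per-read timeout alone does not help (the peer can always send one byte just before it fires); the reader needs a total deadline and a size cap.

```python
import socket
import threading
import time


class SlowClientError(Exception):
    """Peer did not deliver a complete request line within the deadline."""


def read_request_line(conn, deadline_s=2.0, max_bytes=8192):
    """Read one CRLF-terminated line under a total deadline and a byte budget.

    Each recv() timeout is set to the time remaining on the overall deadline,
    so a peer that keeps sending single bytes cannot extend the wait forever.
    """
    deadline = time.monotonic() + deadline_s
    buf = bytearray()
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise SlowClientError("deadline exceeded")
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(1024)
        except socket.timeout:
            raise SlowClientError("deadline exceeded")
        if not chunk:
            raise ConnectionError("peer closed before end of line")
        buf += chunk
        if len(buf) > max_bytes:
            raise SlowClientError("request line too long")
        end = buf.find(b"\r\n")
        if end != -1:
            return bytes(buf[:end])


def dripping_peer(conn, payload, interval_s):
    """Constructed slowloris peer: one byte per interval; never faster than that."""
    try:
        for b in payload:
            conn.sendall(bytes([b]))
            time.sleep(interval_s)
    except OSError:
        pass  # reader gave up and closed its end; nothing more to do
    finally:
        conn.close()


def simulate(payload, interval_s, deadline_s):
    """Run the bounded reader against a dripping peer over a local socketpair."""
    server, client = socket.socketpair()
    t = threading.Thread(target=dripping_peer, args=(client, payload, interval_s), daemon=True)
    t.start()
    try:
        return read_request_line(server, deadline_s=deadline_s)
    finally:
        server.close()


if __name__ == "__main__":
    print(simulate(b"GET / HTTP/1.1\r\n", interval_s=0.0, deadline_s=2.0))
    try:
        simulate(b"GET / HTTP/1.1\r\n", interval_s=0.1, deadline_s=0.3)
    except SlowClientError as e:
        print("slow peer rejected:", e)
```

For an HTTP client rather than a server, the equivalent is a deadline on the whole request (for example a context or an overall timeout around the call), not only a connect or read timeout; the OctoRPKI entry is exactly the case where the per-read wait is satisfied but the overall exchange never ends.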