VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 84 of 93
  • CVE-2021-26307 · Jan 29, 2021
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.

  • CVE-2021-20185 · Jan 28, 2021
    risk 0.00 · cvss · epss 0.01

    It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.

  • CVE-2021-21271 · Jan 26, 2021
    risk 0.00 · cvss · epss 0.02

    Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of…

  • CVE-2020-28479 · Jan 19, 2021
    risk 0.00 · cvss · epss 0.02

    The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function.

  • CVE-2020-28480 · Jan 19, 2021
    risk 0.00 · cvss · epss 0.01

    The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to a Prototype…

  • CVE-2020-28478 · Jan 19, 2021
    risk 0.00 · cvss · epss 0.02

    This affects the package gsap before 3.6.0.

  • CVE-2021-21252 · Jan 13, 2021
    risk 0.00 · cvss · epss 0.04

    The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of…

  • CVE-2020-36048 · Jan 7, 2021
    risk 0.00 · cvss · epss 0.03

    Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.

  • CVE-2020-36049 · Jan 7, 2021
    risk 0.00 · cvss · epss 0.03

    socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

  • CVE-2021-21236 · Jan 6, 2021
    risk 0.00 · cvss · epss 0.01

    CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which…

  • CVE-2021-21235 · Jan 6, 2021
    risk 0.00 · cvss · epss 0.02

    kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version…

  • CVE-2020-36066 · Jan 5, 2021
    risk 0.00 · cvss · epss 0.02

    GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.

  • CVE-2020-7771 · Jan 4, 2021
    risk 0.00 · cvss · epss 0.02

    The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function.

  • CVE-2020-35875 · Dec 31, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly.

  • CVE-2020-35896 · Dec 31, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.

  • CVE-2020-35916 · Dec 31, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the image crate before 0.23.12 for Rust. A mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)

  • CVE-2020-35857 · Dec 31, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.

  • CVE-2020-26289 · Dec 28, 2020
    risk 0.00 · cvss · epss 0.02

    date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there is a regular expression involved in parsing which can be exploited to cause a denial of service. This is fixed in version 0.14.2.

  • CVE-2020-35380 · Dec 15, 2020
    risk 0.00 · cvss · epss 0.02

    GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.

  • CVE-2020-7791 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.03

    This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.