VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 85 of 93
  • CVE-2020-26264 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.02

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns…

  • CVE-2020-7793 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.04

    The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

  • CVE-2020-26257 · Dec 9, 2020
    risk 0.00 · cvss · epss 0.02

    Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a…

  • CVE-2020-29651 · Dec 9, 2020
    risk 0.00 · cvss · epss 0.05

    A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

  • CVE-2020-26256 · Dec 8, 2020
    risk 0.00 · cvss · epss 0.02

    Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-csv before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using the ignoreEmpty option when parsing. This has been patched…

  • CVE-2020-25630 · Dec 8, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and…

  • CVE-2020-27813 · Dec 2, 2020
    risk 0.00 · cvss · epss 0.02

    An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

  • CVE-2020-7779 · Nov 26, 2020
    risk 0.00 · cvss · epss 0.02

    All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.

  • CVE-2020-26242 · Nov 25, 2020
    risk 0.00 · cvss · epss 0.01

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.

  • CVE-2020-7765 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

  • CVE-2020-7767 · Nov 11, 2020
    risk 0.00 · cvss · epss 0.02

    All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.

  • CVE-2020-7766 · Nov 10, 2020
    risk 0.00 · cvss · epss 0.02

    This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively sets the property in the target object, however it does…

  • CVE-2020-7761 · Nov 5, 2020
    risk 0.00 · cvss · epss 0.02

    This affects the package @absolunet/kafe before 3.2.10. It allows causing a denial of service when validating crafted invalid emails.

  • CVE-2020-25201 · Nov 4, 2020
    risk 0.00 · cvss · epss 0.03

    HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.

  • CVE-2020-7760 · Oct 30, 2020
    risk 0.00 · cvss · epss 0.05

    This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.j…

  • CVE-2020-25689 · Oct 30, 2020
    risk 0.00 · cvss · epss 0.01

    A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out…

  • CVE-2020-7755 · Oct 27, 2020
    risk 0.00 · cvss · epss 0.02

    All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.

  • CVE-2020-7754 · Oct 27, 2020
    risk 0.00 · cvss · epss 0.03

    This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.

  • CVE-2020-7753 · Oct 27, 2020
    risk 0.00 · cvss · epss 0.04

    All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

  • CVE-2019-20922 · Sep 30, 2020
    risk 0.00 · cvss · epss 0.04

    Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.