VYPR

CWE-770

Allocation of Resources Without Limits or Throttling

Base · Incomplete · Likelihood: High

Description

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-147 · CAPEC-197 · CAPEC-229 · CAPEC-230 · CAPEC-231 · CAPEC-469 · CAPEC-482 · CAPEC-486 · CAPEC-487 · CAPEC-488 · CAPEC-489 · CAPEC-490 · CAPEC-491 · CAPEC-493 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-528

CVEs mapped to this weakness (964)

page 10 of 49
  • CVE-2017-15124 · High · Jan 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing…

  • CVE-2017-6780 · High · Sep 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is…

  • CVE-2017-12944 · High · Aug 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a…

  • CVE-2017-12435 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.

  • CVE-2017-12430 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.

  • CVE-2017-12429 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.

  • CVE-2017-1227 · High · Jul 31, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Tivoli Endpoint Manager could allow an unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906.

  • CVE-2017-9350 · High · Jun 2, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.

  • CVE-2017-6653 · High · May 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or…

  • CVE-2017-6641 · High · May 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a…

  • CVE-2017-3555 · High · Apr 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: Self Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker…

  • CVE-2017-7963 · High · Apr 19, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here,…

  • CVE-2017-5835 · High · Mar 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.

  • CVE-2016-4074 · High · May 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

  • CVE-2021-1285 · High · Nov 18, 2024
    risk 0.48 · cvss 7.4 · epss 0.03

    Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error…

  • CVE-2019-9514 · High · Aug 13, 2019
    risk 0.48 · cvss 7.5 · epss 0.83

    Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the…

  • CVE-2018-15373 · High · Oct 5, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The…

  • CVE-2024-45484 · High · Mar 25, 2025
    risk 0.47 · cvss · epss 0.00

    An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 may allow an unauthenticated adjacent attacker to perform Denial-of-Service (DoS) attacks against the product.

  • CVE-2026-48597 · High · Jun 2, 2026
    risk 0.46 · cvss · epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.open_conn/2 converts the URL scheme of every outgoing request to a BEAM atom via…

  • CVE-2026-49754 · High · Jun 2, 2026
    risk 0.46 · cvss · epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood). When Mint's HTTP/2 receive path observes a HEADERS frame without the END_HEADERS…