VYPR

CWE-770

Allocation of Resources Without Limits or Throttling

Base · Incomplete · Likelihood: High

Description

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.


Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-147 · CAPEC-197 · CAPEC-229 · CAPEC-230 · CAPEC-231 · CAPEC-469 · CAPEC-482 · CAPEC-486 · CAPEC-487 · CAPEC-488 · CAPEC-489 · CAPEC-490 · CAPEC-491 · CAPEC-493 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-528

CVEs mapped to this weakness (964)

  • CVE-2023-47025 · Med · Nov 16, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.

  • CVE-2022-41727 · Med · Feb 28, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

  • CVE-2022-25169 · Med · May 16, 2022
    risk 0.36 · cvss 5.5 · epss 0.02

    The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

  • CVE-2022-26336 · Med · Mar 4, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the…

  • CVE-2021-31811 · Med · Jun 12, 2021
    risk 0.36 · cvss 5.5 · epss 0.03

    In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

  • CVE-2020-25340 · Med · Feb 16, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).

  • CVE-2018-13033 · Med · Jul 1, 2018
    risk 0.36 · cvss 5.5 · epss 0.03

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in…

  • CVE-2018-3738 · Med · Jun 7, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

  • CVE-2018-10971 · Med · May 10, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file.

  • CVE-2018-5783 · Med · Jan 19, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.

  • CVE-2018-5296 · Med · Jan 8, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

  • CVE-2018-4868 · Med · Jan 3, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.

  • CVE-2017-14938 · Med · Sep 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.

  • CVE-2017-0771 · Med · Sep 8, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.

  • CVE-2017-13716 · Med · Aug 28, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File…

  • CVE-2017-0725 · Med · Aug 9, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194.

  • CVE-2017-12144 · Med · Aug 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9778 · Med · Jun 21, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze…

  • CVE-2017-9039 · Med · May 18, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.

  • CVE-2026-53522 · Med · Jun 12, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal →…