CWE-770
Allocation of Resources Without Limits or Throttling
Description
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-125 · CAPEC-130 · CAPEC-147 · CAPEC-197 · CAPEC-229 · CAPEC-230 · CAPEC-231 · CAPEC-469 · CAPEC-482 · CAPEC-486 · CAPEC-487 · CAPEC-488 · CAPEC-489 · CAPEC-490 · CAPEC-491 · CAPEC-493 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-528
CVEs mapped to this weakness (964)
page 26 of 49| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47025 | Med | 0.36 | 5.5 | 0.00 | Nov 16, 2023 | An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. | ||
| CVE-2022-41727 | — | Med | 0.36 | 5.5 | 0.00 | Feb 28, 2023 | An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. | |
| CVE-2022-25169 | Med | 0.36 | 5.5 | 0.02 | May 16, 2022 | The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. | ||
| CVE-2022-26336 | — | Med | 0.36 | 5.5 | 0.01 | Mar 4, 2022 | A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the… | |
| CVE-2021-31811 | — | Med | 0.36 | 5.5 | 0.03 | Jun 12, 2021 | In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. | |
| CVE-2020-25340 | — | Med | 0.36 | 5.5 | 0.00 | Feb 16, 2021 | An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS). | |
| CVE-2018-13033 | Med | 0.36 | 5.5 | 0.03 | Jul 1, 2018 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in… | ||
| CVE-2018-3738 | — | Med | 0.36 | 5.5 | 0.01 | Jun 7, 2018 | protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files. | |
| CVE-2018-10971 | Med | 0.36 | 5.5 | 0.01 | May 10, 2018 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file. | ||
| CVE-2018-5783 | Med | 0.36 | 5.5 | 0.01 | Jan 19, 2018 | In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. | ||
| CVE-2018-5296 | Med | 0.36 | 5.5 | 0.01 | Jan 8, 2018 | In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. | ||
| CVE-2018-4868 | Med | 0.36 | 5.5 | 0.01 | Jan 3, 2018 | The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. | ||
| CVE-2017-14938 | Med | 0.36 | 5.5 | 0.02 | Sep 30, 2017 | _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. | ||
| CVE-2017-0771 | Med | 0.36 | 5.5 | 0.00 | Sep 8, 2017 | A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243. | ||
| CVE-2017-13716 | Med | 0.36 | 5.5 | 0.01 | Aug 28, 2017 | The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File… | ||
| CVE-2017-0725 | Med | 0.36 | 5.5 | 0.00 | Aug 9, 2017 | A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194. | ||
| CVE-2017-12144 | Med | 0.36 | 5.5 | 0.01 | Aug 2, 2017 | In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-9778 | Med | 0.36 | 5.5 | 0.01 | Jun 21, 2017 | GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze… | ||
| CVE-2017-9039 | Med | 0.36 | 5.5 | 0.02 | May 18, 2017 | GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. | ||
| CVE-2026-53522 | Med | 0.35 | 6.5 | 0.00 | Jun 12, 2026 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal →… |
- risk 0.36cvss 5.5epss 0.00
An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.
- risk 0.36cvss 5.5epss 0.00
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.
- risk 0.36cvss 5.5epss 0.02
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
- risk 0.36cvss 5.5epss 0.01
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the…
- risk 0.36cvss 5.5epss 0.03
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
- risk 0.36cvss 5.5epss 0.00
An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).
- risk 0.36cvss 5.5epss 0.03
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in…
- risk 0.36cvss 5.5epss 0.01
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
- risk 0.36cvss 5.5epss 0.01
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
- risk 0.36cvss 5.5epss 0.01
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.
- risk 0.36cvss 5.5epss 0.02
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.
- risk 0.36cvss 5.5epss 0.01
The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File…
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194.
- risk 0.36cvss 5.5epss 0.01
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
- risk 0.36cvss 5.5epss 0.01
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze…
- risk 0.36cvss 5.5epss 0.02
GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
- risk 0.35cvss 6.5epss 0.00
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal →…