VYPR

CWE-770

Allocation of Resources Without Limits or Throttling

BaseIncompleteLikelihood: High

Description

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-147 · CAPEC-197 · CAPEC-229 · CAPEC-230 · CAPEC-231 · CAPEC-469 · CAPEC-482 · CAPEC-486 · CAPEC-487 · CAPEC-488 · CAPEC-489 · CAPEC-490 · CAPEC-491 · CAPEC-493 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-528

CVEs mapped to this weakness (964)

page 43 of 49
  • CVE-2022-41717Dec 8, 2022
    risk 0.00cvss epss 0.06

    An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the…

  • CVE-2022-23487Dec 7, 2022
    risk 0.00cvss epss 0.01

    js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can…

  • CVE-2022-23486Dec 7, 2022
    risk 0.00cvss epss 0.01

    libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of…

  • CVE-2022-4045Nov 23, 2022
    risk 0.00cvss epss 0.01

    A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. 

  • CVE-2022-4044Nov 23, 2022
    risk 0.00cvss epss 0.01

    A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.

  • CVE-2022-41932Nov 23, 2022
    risk 0.00cvss epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database…

  • CVE-2022-43686Nov 14, 2022
    risk 0.00cvss epss 0.01

    In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).

  • CVE-2022-3439Oct 14, 2022
    risk 0.00cvss epss 0.01

    Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.

  • CVE-2022-3456Oct 13, 2022
    risk 0.00cvss epss 0.00

    Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.

  • CVE-2022-3423Oct 7, 2022
    risk 0.00cvss epss 0.02

    Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.

  • CVE-2022-3273Oct 6, 2022
    risk 0.00cvss epss 0.00

    Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

  • CVE-2022-3371Sep 30, 2022
    risk 0.00cvss epss 0.01

    Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.

  • CVE-2022-3364Sep 29, 2022
    risk 0.00cvss epss 0.01

    Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.

  • CVE-2022-3298Sep 26, 2022
    risk 0.00cvss epss 0.01

    Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.

  • CVE-2022-3295Sep 26, 2022
    risk 0.00cvss epss 0.01

    Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.

  • CVE-2022-34917Sep 20, 2022
    risk 0.00cvss epss 0.01

    A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial…

  • CVE-2022-3212Sep 14, 2022
    risk 0.00cvss epss 0.01

    <bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to…

  • CVE-2022-36104Sep 13, 2022
    risk 0.00cvss epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another…

  • CVE-2022-25897Sep 8, 2022
    risk 0.00cvss epss 0.01

    The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

  • CVE-2022-36049Sep 7, 2022
    risk 0.00cvss epss 0.01

    Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found…