VYPR

CWE-770

Allocation of Resources Without Limits or Throttling

Base · Incomplete · Likelihood: High

Description

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-147 · CAPEC-197 · CAPEC-229 · CAPEC-230 · CAPEC-231 · CAPEC-469 · CAPEC-482 · CAPEC-486 · CAPEC-487 · CAPEC-488 · CAPEC-489 · CAPEC-490 · CAPEC-491 · CAPEC-493 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-528

CVEs mapped to this weakness (964)

page 7 of 49
  • CVE-2025-0182 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. The issue arises from the use of a vulnerable version of the starlette package (<=0.49) via fastapi, which was patched in fastapi version 0.115.3. The vulnerability can be…

  • CVE-2024-9229 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server…

  • CVE-2024-9056 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character,…

  • CVE-2024-8028 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each…

  • CVE-2024-10713 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart…

  • CVE-2025-1059 · High · Feb 13, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device.

  • CVE-2024-12705 · High · Jan 29, 2025
    risk 0.49 · cvss 7.5 · epss 0.16

    Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through…

  • CVE-2024-56316 · High · Jan 27, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of…

  • CVE-2024-55195 · High · Jan 23, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program requests to allocate too much space.

  • CVE-2018-25108 · High · Jan 16, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.

  • CVE-2024-54538 · High · Dec 20, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A remote attacker may be…

  • CVE-2024-50955 · High · Nov 13, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.

  • CVE-2024-48989 · High · Nov 13, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.

  • CVE-2024-23185 · High · Sep 10, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Very large headers can cause resource exhaustion when parsing a message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The…

  • CVE-2024-1975 · High · Jul 23, 2024
    risk 0.49 · cvss 7.5 · epss 0.02

    If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions…

  • CVE-2024-1737 · High · Jul 23, 2024
    risk 0.49 · cvss 7.5 · epss 0.02

    Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9…

  • CVE-2024-35231 · High · May 27, 2024
    risk 0.49 · cvss 8.6 · epss 0.01

    rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data `profiler_runs` was not constrained to any limitation.…

  • CVE-2024-34046 · High · Apr 30, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment().

  • CVE-2024-26577 · High · Mar 26, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data.

  • CVE-2024-30156 · High · Mar 24, 2024
    risk 0.49 · cvss 7.5 · epss 0.04

    Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.