VYPR

CWE-770

Allocation of Resources Without Limits or Throttling

BaseIncompleteLikelihood: High

Description

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-147 · CAPEC-197 · CAPEC-229 · CAPEC-230 · CAPEC-231 · CAPEC-469 · CAPEC-482 · CAPEC-486 · CAPEC-487 · CAPEC-488 · CAPEC-489 · CAPEC-490 · CAPEC-491 · CAPEC-493 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-528

CVEs mapped to this weakness (964)

page 9 of 49
  • CVE-2021-45699HigDec 27, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap.

  • CVE-2021-36155HigJul 9, 2021
    risk 0.49cvss 7.5epss 0.02

    LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.

  • CVE-2021-3637HigJul 9, 2021
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.

  • CVE-2021-27383HigMay 12, 2021
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels…

  • CVE-2020-35896HigDec 31, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.

  • CVE-2020-10705HigJun 10, 2020
    risk 0.49cvss 7.5epss 0.01

    A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

  • CVE-2020-7219HigJan 31, 2020
    risk 0.49cvss 7.5epss 0.02

    HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

  • CVE-2019-17359HigOct 8, 2019
    risk 0.49cvss 7.5epss 0.09

    The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

  • CVE-2019-15544HigAug 26, 2019
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.

  • CVE-2018-7821HigMay 22, 2019
    risk 0.49cvss 7.5epss 0.01

    An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.

  • CVE-2019-10953HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.04

    ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

  • CVE-2018-15383HigOct 5, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary…

  • CVE-2018-1647HigOct 5, 2018
    risk 0.49cvss 7.5epss 0.01

    IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650.

  • CVE-2018-12934HigJun 28, 2018
    risk 0.49cvss 7.5epss 0.03

    remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

  • CVE-2018-0358HigJun 21, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while…

  • CVE-2017-5388HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability…

  • CVE-2018-11488HigMay 29, 2018
    risk 0.49cvss 7.5epss 0.05

    A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.

  • CVE-2018-0239HigApr 19, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an…

  • CVE-2017-13190HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873.

  • CVE-2017-13189HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072.