Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,099)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-48063 1Gnu 1Binutils Nov 21, 2024 Aug 22, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack...Show more GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.Show less
CVE-2022-47696 1Gnu 1Binutils Nov 21, 2024 Aug 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
CVE-2022-47695 1Gnu 1Binutils Nov 21, 2024 Aug 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
CVE-2022-37050 2Debian Freedesktop 2Debian Linux Poppler Nov 3, 2025 Aug 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog pro...Show more In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.Show less
CVE-2020-26652 1Realtek 1Rtl8812au Firmware Nov 21, 2024 Aug 22, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.
CVE-2020-20813 1Openvpn 1Openvpn Nov 21, 2024 Aug 22, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.
CVE-2020-19726 1Gnu 1Binutils Nov 21, 2024 Aug 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
CVE-2020-18770 1Gdraheim 1Zziplib Jul 10, 2025 Aug 22, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.
CVE-2023-39748 1Tp Link 1Tl Wr1041n V2 Firmware Nov 21, 2024 Aug 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2023-4394 1Linux 1Linux Kernel Nov 21, 2024 Aug 17, 2023 N/A· v4 6.0 MEDIUM· v3 N/A· v2 A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak in...Show more A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel informationShow less
CVE-2023-38737 1Ibm 1Websphere Application Server Nov 21, 2024 Aug 16, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the ser...Show more IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.Show less
CVE-2023-21280 1Google 1Android Nov 21, 2024 Aug 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User...Show more In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Show less
CVE-2023-38741 1Ibm 1Txseries For Multiplatform Nov 21, 2024 Aug 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attac...Show more IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905. Show less
CVE-2021-29057 1Thoughtworks 1Node Worker Threads Pool Nov 21, 2024 Aug 11, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.
CVE-2023-28938 1Mdadm Project 1Mdadm Nov 21, 2024 Aug 11, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.
CVE-2023-38210 1Adobe 1Xmp Toolkit Software Development Kit Nov 21, 2024 Aug 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the contex...Show more Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-38180 2Fedoraproject Microsoft 4.net Asp.net CoreFedora+1 more Oct 28, 2025 Aug 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 .NET and Visual Studio Denial of Service Vulnerability
CVE-2023-38178 1Microsoft 2.net Visual Studio 2022 Nov 21, 2024 Aug 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-29409 1Golang 1Go Nov 21, 2024 Aug 2, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Ba...Show more Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.Show less
CVE-2023-3825 1Kepware 1Kepserverex Nov 21, 2024 Jul 31, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various obj...Show more PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed. Show less

Previous 1...747576...155 Next