Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,101)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-35925 1Intellectualsites 1Fastasyncworldedit Nov 21, 2024 Jun 23, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and executes any operation. This has a possibili...Show more FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.Show less
CVE-2023-33141 1Microsoft 1Yet Another Reverse Proxy Nov 21, 2024 Jun 23, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability
CVE-2023-34462 1Netty 1Netty Nov 21, 2024 Jun 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel dur...Show more Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.Show less
CVE-2023-2990 1Globalscape 1Eft Server Nov 21, 2024 Jun 22, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service
CVE-2023-26434 1Open Xchange 1Open Xchange Appsuite Backend Nov 21, 2024 Jun 20, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource us...Show more When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known. Show less
CVE-2023-26433 1Open Xchange 1Open Xchange Appsuite Backend Nov 21, 2024 Jun 20, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource us...Show more When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known. Show less
CVE-2023-26432 1Open Xchange 1Open Xchange Appsuite Backend Nov 21, 2024 Jun 20, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource us...Show more When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known. Show less
CVE-2023-34166 1Huawei 1Emui Dec 12, 2024 Jun 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.
CVE-2023-2831 1Mattermost 1Mattermost Nov 21, 2024 Jun 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.
CVE-2023-2793 1Mattermost 1Mattermost Nov 21, 2024 Jun 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.
CVE-2023-2785 1Mattermost 1Mattermost Nov 21, 2024 Jun 16, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service
CVE-2023-2683 1Silabs 1Bluetooth Low Energy Software Development Kit Nov 21, 2024 Jun 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears th...Show more A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.Show less
CVE-2023-32229 1Bosch 2Cpp13 Firmware Cpp14 Firmware Nov 21, 2024 Jun 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video strea...Show more Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256.Show less
CVE-2022-33168 1Ibm 1Security Directory Suite Va Nov 21, 2024 Jun 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.
CVE-2023-29331 1Microsoft 2.net .net Framework Nov 21, 2024 Jun 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2023-32013 1Microsoft 7Windows 10 1809 Windows 10 21h2Windows 10 22h2+4 more Nov 21, 2024 Jun 14, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Windows Hyper-V Denial of Service Vulnerability
CVE-2023-2778 1Rockwellautomation 1Factorytalk Transaction Manager Nov 21, 2024 Jun 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentia...Show more A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS.Show less
CVE-2023-35053 1Jetbrains 1Youtrack Nov 21, 2024 Jun 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
CVE-2023-29767 1Appcrossx 1Crossx Jan 6, 2025 Jun 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.
CVE-2023-3163 1Ruoyi 1Ruoyi Nov 21, 2024 Jun 8, 2023 N/A· v4 7.5 HIGH· v3 2.7 LOW· v2 A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is...Show more A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.Show less

Previous 1...777879...156 Next