Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,104)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-35053 1Jetbrains 1Youtrack Nov 21, 2024 Jun 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
CVE-2023-29767 1Appcrossx 1Crossx Jan 6, 2025 Jun 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.
CVE-2023-3163 1Ruoyi 1Ruoyi Nov 21, 2024 Jun 8, 2023 N/A· v4 7.5 HIGH· v3 2.7 LOW· v2 A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is...Show more A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.Show less
CVE-2023-34109 1Zxcvbn Ts Project 1Zxcvbn Ts Nov 21, 2024 Jun 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in...Show more zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with every function call. Browsers are impacted, too but a single user need to do a lot of input changes so that it affects the browser, while the node process gets the inputs of every user of a platform and can be killed that way. This problem has been patched in version 3.0.2. Users are advised to upgrade. Users unable to upgrade should stop using the second argument of the zxcvbn function and use the zxcvbnOptions.setOptions function.Show less
CVE-2023-33958 1Notaryproject 1Notation Go Nov 21, 2024 Jun 6, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the...Show more notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.Show less
CVE-2023-33957 1Notaryproject 1Notation Go Nov 21, 2024 Jun 6, 2023 N/A· v4 5.7 MEDIUM· v3 N/A· v2 notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the...Show more notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.Show less
CVE-2023-34104 2Fast Xml Parser Project Naturalintelligence 2Fast Xml Parser Fast Xml Parser Mar 9, 2026 Jun 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searchi...Show more fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option.Show less
CVE-2022-33303 1Qualcomm 21Qca6574au Firmware Qca6595au FirmwareQca6696 Firmware+18 more Nov 21, 2024 Jun 6, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue.
CVE-2023-29544 1Mozilla 2Firefox Focus Jan 10, 2025 Jun 2, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android <...Show more If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.Show less
CVE-2023-0616 1Mozilla 1Thunderbird Jan 10, 2025 Jun 2, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond...Show more If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.Show less
CVE-2023-29735 1Mwm 1Edjing Mix Nov 21, 2024 May 30, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files.
CVE-2023-30570 1Libreswan 1Libreswan Jan 14, 2025 May 29, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
CVE-2023-28320 3Apple HaxxNetapp 8Clustered Data Ontap CurlH300s Firmware+5 more Jan 15, 2025 May 26, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows...Show more A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.Show less
CVE-2023-1981 3Avahi FedoraprojectRedhat 3Avahi Enterprise LinuxFedora Nov 3, 2025 May 26, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
CVE-2023-20883 1Vmware 1Spring Boot Jan 16, 2025 May 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse...Show more In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.Show less
CVE-2023-20882 1Cloudfoundry 2Cf Deployment Routing Release Jan 16, 2025 May 26, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when clien...Show more In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.Show less
CVE-2023-33720 1Mp4v2 Project 1Mp4v2 Jan 14, 2025 May 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.
CVE-2022-39374 1Matrix 1Synapse Feb 13, 2025 May 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into acc...Show more Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0Show less
CVE-2023-32067 3C Ares Project DebianFedoraproject 3C Ares Debian LinuxFedora Nov 21, 2024 May 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target reso...Show more c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.Show less
CVE-2023-2798 1Htmlunit 1Htmlunit Nov 21, 2024 May 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a...Show more Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0. Show less

Previous 1...787980...156 Next