Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-9589 1Redhat 1Jboss Wildfly Application Server Nov 21, 2024 Mar 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that th...Show more Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.Show less
CVE-2017-15323 1Huawei 10Dp300 Firmware Ecns210 Td FirmwareEspace U1981 Firmware+7 more Nov 21, 2024 Mar 9, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06,...Show more Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eCNS210_TD V100R004C10, eSpace U1981 V200R003C30 have a DoS vulnerability caused by memory exhaustion in some Huawei products. For lacking of adequate input validation, attackers can craft and send some malformed messages to the target device to exhaust the memory of the device and cause a Denial of Service (DoS).Show less
CVE-2018-7876 2Debian Libming 2Debian Linux Libming Nov 21, 2024 Mar 8, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.
CVE-2017-12174 2Apache Redhat 3Activemq Artemis HornetqJboss Enterprise Application Platform Nov 21, 2024 Mar 7, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memor...Show more It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.Show less
CVE-2018-1000115 4Canonical DebianMemcached+1 more 4Debian Linux MemcachedOpenstack+1 more Nov 21, 2024 Mar 5, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via networ...Show more Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.Show less
CVE-2017-18214 2Momentjs Tenable 2Moment Nessus Nov 21, 2024 Mar 4, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
CVE-2018-7651 1Ssri Project 1Ssri Nov 21, 2024 Mar 4, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.
CVE-2017-15130 3Canonical DebianDovecot 3Debian Linux DovecotUbuntu Linux Nov 21, 2024 Mar 2, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
CVE-2018-7048 1Wowza 1Streaming Engine Nov 21, 2024 Mar 1, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.
CVE-2018-5501 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Mar 1, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
CVE-2018-5500 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Mar 1, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) f...Show more On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.Show less
CVE-2018-7540 2Debian Xen 2Debian Linux Xen Nov 21, 2024 Feb 27, 2018 N/A· v4 6.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
CVE-2018-6532 1Icinga 1Icinga Nov 21, 2024 Feb 27, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.
CVE-2015-9253 1Php 1Php Nov 21, 2024 Feb 19, 2018 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthr...Show more An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.Show less
CVE-2017-17290 1Huawei 2Te60 Firmware Viewpoint 9030 Firmware Nov 21, 2024 Feb 15, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remo...Show more The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection resource, a successful exploit may cause the connection resource exhausted of the LDAP client.Show less
CVE-2017-17166 1Huawei 6Dp300 Firmware Secospace Usg6300 FirmwareSecospace Usg6500 Firmware+3 more Nov 21, 2024 Feb 15, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C3...Show more Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted.Show less
CVE-2017-15345 1Huawei 1Lon L29d Firmware Nov 21, 2024 Feb 15, 2018 N/A· v4 5.3 MEDIUM· v3 5.7 MEDIUM· v2 Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could...Show more Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot.Show less
CVE-2017-13233 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is neede...Show more In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602.Show less
CVE-2018-6389 1Wordpress 1Wordpress Nov 21, 2024 Feb 6, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of req...Show more In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.Show less
CVE-2017-6198 1Sandstorm 1Sandstorm Nov 21, 2024 Feb 6, 2018 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk...Show more The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.Show less

Previous 1...141142143...155 Next