Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-8247 1Google 1Android May 13, 2026 Sep 21, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being...Show more In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only once in function "msm_close".Show less
CVE-2017-14616 1Watchguard 1Fireware May 13, 2026 Sep 20, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user w...Show more An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible.Show less
CVE-2017-14342 2Canonical Imagemagick 2Imagemagick Ubuntu Linux May 13, 2026 Sep 12, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
CVE-2017-14341 3Canonical DebianImagemagick 3Debian Linux ImagemagickUbuntu Linux May 13, 2026 Sep 12, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVE-2017-14223 2Debian Ffmpeg 2Debian Linux Ffmpeg May 13, 2026 Sep 9, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the he...Show more In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.Show less
CVE-2013-7428 1Mapsplugin 1Googlemaps May 13, 2026 Sep 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php.
CVE-2017-14158 1Scrapy 1Scrapy May 13, 2026 Sep 5, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually...Show more Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.Show less
CVE-2017-14108 1Gnome 1Gedit May 13, 2026 Sep 5, 2017 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
CVE-2017-14137 1Imagemagick 1Imagemagick May 13, 2026 Sep 4, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
CVE-2015-5695 1Openstack 1Designate May 13, 2026 Aug 31, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attacke...Show more Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.Show less
CVE-2017-12077 1Synology 1Router Manager May 13, 2026 Aug 28, 2017 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, ca...Show more Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.Show less
CVE-2017-12076 1Synology 1Diskstation Manager May 13, 2026 Aug 28, 2017 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, caus...Show more Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.Show less
CVE-2017-8264 1Google 1Android May 13, 2026 Aug 11, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel.
CVE-2015-2313 1Capnproto 1Capnproto May 13, 2026 Aug 9, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small...Show more Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.Show less
CVE-2015-2312 1Capnproto 1Capnproto May 13, 2026 Aug 9, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements.
CVE-2017-12140 1Imagemagick 1Imagemagick May 13, 2026 Aug 2, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
CVE-2017-9259 1Surina 1Soundtouch May 13, 2026 Jul 27, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav...Show more The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.Show less
CVE-2015-1417 1Freebsd 1Freebsd May 13, 2026 Jul 25, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET...Show more The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections.Show less
CVE-2017-11530 1Imagemagick 1Imagemagick May 13, 2026 Jul 23, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-11527 1Imagemagick 1Imagemagick May 13, 2026 Jul 23, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

Previous 1...145146147...155 Next