Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-11526 1Imagemagick 1Imagemagick May 13, 2026 Jul 23, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
CVE-2017-11521 2Debian Resiprocate 2Debian Linux Resiprocate May 13, 2026 Jul 22, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.
CVE-2017-7063 1Apple 2Iphone Os Watchos May 13, 2026 Jul 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (me...Show more An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).Show less
CVE-2017-7007 1Apple 1Iphone Os May 13, 2026 Jul 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and applicati...Show more An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash).Show less
CVE-2017-7684 1Apache 1Openmeetings May 13, 2026 Jul 17, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.
CVE-2017-2348 1Juniper 1Junos May 13, 2026 Jul 17, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a...Show more The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D12, 14.1X53-D38, 14.1X53-D40 on QFX, EX, QFabric System; 15.1 prior to 15.1F2-S18, 15.1R4 on all products and platforms; 15.1X49 prior to 15.1X49-D80 on SRX; 15.1X53 prior to 15.1X53-D51, 15.1X53-D60 on NFX, QFX, EX.Show less
CVE-2017-1000064 1Kitto Project 1Kitto May 13, 2026 Jul 17, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS
CVE-2016-6312 1Redhat 1Enterprise Linux May 13, 2026 Jul 17, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users...Show more The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955.Show less
CVE-2017-9845 1Sap 1Netweaver May 13, 2026 Jul 12, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.
CVE-2017-7670 1Apache 1Traffic Control May 13, 2026 Jul 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED st...Show more The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.Show less
CVE-2017-11142 1Php 1Php May 13, 2026 Jul 10, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
CVE-2017-11140 1Graphicsmagick 1Graphicsmagick May 13, 2026 Jul 10, 2017 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via cra...Show more The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.Show less
CVE-2017-9627 1Schneider Electric 1Wonderware Archestra Logger May 13, 2026 Jul 7, 2017 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker...Show more An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.Show less
CVE-2017-0690 1Google 1Android May 13, 2026 Jul 6, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202.
CVE-2017-10922 1Xen 1Xen May 13, 2026 Jul 5, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
CVE-2017-10800 1Graphicsmagick 1Graphicsmagick May 13, 2026 Jul 3, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
CVE-2017-10799 1Graphicsmagick 1Graphicsmagick May 13, 2026 Jul 3, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
CVE-2017-6017 1Schneider Electric 15Bmxnoc0401 Firmware Bmxnoe0100 FirmwareBmxnoe0110 Firmware+12 more May 13, 2026 Jun 30, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H,...Show more A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.Show less
CVE-2017-7521 1Openvpn 1Openvpn May 13, 2026 Jun 27, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
CVE-2017-6043 1Trihedral 1Vtscada May 13, 2026 Jun 21, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be...Show more A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.Show less

Previous 1...146147148...155 Next