Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-3104 1Mongodb 1Mongodb May 13, 2026 Apr 14, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticat...Show more mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.Show less
CVE-2017-6019 1Schneider Electric 1Conext Combox 865 1058 Firmware May 13, 2026 Apr 7, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
CVE-2017-3885 1Cisco 1Secure Firewall Management Center May 13, 2026 Apr 7, 2017 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition be...Show more A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.Show less
CVE-2017-7397 1Backbox 1Backbox Linux May 13, 2026 Apr 3, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net....Show more BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports "It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions.Show less
CVE-2016-8780 1Huawei 4Cloudengine 12800 Firmware Cloudengine 6800 FirmwareCloudengine 7800 Firmware+1 more May 13, 2026 Apr 2, 2017 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the sha...Show more Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition.Show less
CVE-2017-2461 1Apple 4Iphone Os Mac Os XTvos+1 more May 13, 2026 Apr 2, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component....Show more An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.Show less
CVE-2017-7285 1Mikrotik 1Routeros May 13, 2026 Mar 29, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected rout...Show more A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.Show less
CVE-2016-2225 1Uclibc Ng Project 1Uclibc Ng May 13, 2026 Mar 24, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.
CVE-2016-2224 1Uclibc Ng Project 1Uclibc Ng May 13, 2026 Mar 24, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.
CVE-2016-10058 1Imagemagick 1Imagemagick May 13, 2026 Mar 23, 2017 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
CVE-2016-10047 1Imagemagick 1Imagemagick May 13, 2026 Mar 23, 2017 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
CVE-2017-3857 1Cisco 2Ios Ios Xe May 13, 2026 Mar 22, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to caus...Show more A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078.Show less
CVE-2017-3856 1Cisco 1Ios Xe May 13, 2026 Mar 22, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling...Show more A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353.Show less
CVE-2014-9849 4Canonical ImagemagickOpensuse+1 more 9Imagemagick LeapOpensuse+6 more May 13, 2026 Mar 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
CVE-2014-9842 4Canonical ImagemagickOpensuse+1 more 9Imagemagick LeapOpensuse+6 more May 13, 2026 Mar 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2017-6444 1Mikrotik 1Routeros May 13, 2026 Mar 12, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by send...Show more The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation.Show less
CVE-2017-6552 1Sagemcom 1Livebox Firmware May 13, 2026 Mar 9, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affect...Show more Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.Show less
CVE-2016-9643 1Webkit 1Webkit May 13, 2026 Mar 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +)...Show more The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).Show less
CVE-2017-5867 1Owncloud 1Owncloud May 13, 2026 Mar 3, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
CVE-2017-5972 1Linux 1Linux Kernel May 13, 2026 Feb 14, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption)...Show more The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.Show less

Previous 1...148149150...155 Next