Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-47212 1Snowplow 1Iglu Server Apr 8, 2025 Apr 3, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is n...Show more An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.Show less
CVE-2025-27829 - - Apr 14, 2025 Apr 1, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some of these interfaces....Show more An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some of these interfaces. That could result in a denial of the multicast routing service on the firewall.Show less
CVE-2025-24269 1Apple 1Macos Nov 7, 2025 Mar 31, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination.
CVE-2025-24264 1Apple 6Ipados Iphone OsMacos+3 more Apr 2, 2026 Mar 31, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafte...Show more The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.Show less
CVE-2025-24260 1Apple 1Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker in a privileged position may be able to perform a denial-of-service...Show more The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker in a privileged position may be able to perform a denial-of-service.Show less
CVE-2025-24247 1Apple 1Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker may be able to cause unexpected app termination.
CVE-2025-24235 1Apple 1Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A remote attacker may be able to cause unexpected app termi...Show more A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.Show less
CVE-2025-24211 1Apple 5Ipados Iphone OsMacos+2 more Apr 2, 2026 Mar 31, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a...Show more This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.Show less
CVE-2025-24199 1Apple 1Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An uncontrolled format string issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause a denial-of-service.
CVE-2025-24190 1Apple 5Ipados Iphone OsMacos+2 more Apr 2, 2026 Mar 31, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4....Show more The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.Show less
CVE-2025-3016 1Assimp 1Assimp Apr 17, 2025 Mar 31, 2025 5.3 MEDIUM· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialL...Show more A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue.Show less
CVE-2025-2586 - - Apr 1, 2025 Mar 31, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive re...Show more A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.Show less
CVE-2025-29490 1Libming 1Libming Apr 1, 2025 Mar 27, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 libming v0.4.8 was discovered to contain a segmentation fault via the decompileCALLMETHOD function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.
CVE-2025-29487 1Libming 1Libming Apr 1, 2025 Mar 27, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.
CVE-2025-29484 1Libming 1Libming Apr 1, 2025 Mar 27, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.
CVE-2025-2833 1Zhyd 1Oneblog Apr 1, 2025 Mar 27, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For le...Show more A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2820 - - Mar 27, 2025 Mar 26, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An authenticated attacker can compromise the availability of the device via the network
CVE-2025-25374 1Nasa 2Cfs Core Flight System Apr 30, 2026 Mar 25, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service.
CVE-2025-26500 - - Mar 21, 2025 Mar 21, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 : Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation. Specifically crafted USB packets may lead to the system becoming unavailable This issue affect...Show more : Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation. Specifically crafted USB packets may lead to the system becoming unavailable This issue affects VxWorks 7: from 22.06 through 24.03.Show less
CVE-2025-30160 1Redlib 1Redlib Feb 3, 2026 Mar 20, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLA...Show more Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0.Show less

Previous 1...394041...155 Next