Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5425 vulnerabilities reference this CWE, most recent first.

GHSA-WH6F-P9HP-FPWJ

Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:31
VLAI
Details

Microsoft Message Queuing Denial of Service Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36579"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T18:15:14Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Message Queuing Denial of Service Vulnerability",
  "id": "GHSA-wh6f-p9hp-fpwj",
  "modified": "2024-04-04T08:31:09Z",
  "published": "2023-10-10T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36579"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHGM-JR23-G3J9

Vulnerability from github – Published: 2021-09-02 17:15 – Updated: 2021-09-07 21:02
VLAI
Summary
Uncontrolled Resource Consumption in ansi-html
Details

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "ansi-html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23424"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-26T14:50:45Z",
    "nvd_published_at": "2021-08-18T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.",
  "id": "GHSA-whgm-jr23-g3j9",
  "modified": "2021-09-07T21:02:12Z",
  "published": "2021-09-02T17:15:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ioet/time-tracker-ui/security/advisories/GHSA-4fjc-8q3h-8r69"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23424"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Tjatse/ansi-html/issues/19"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Tjatse/ansi-html/commit/8142b25bca3133ea060bcc1889277dc482327a63"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Tjatse/ansi-html"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567198"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uncontrolled Resource Consumption in ansi-html"
}

GHSA-WHGP-9QJC-434F

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-07-13 00:01
VLAI
Details

MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-03T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.",
  "id": "GHSA-whgp-9qjc-434f",
  "modified": "2022-07-13T00:01:15Z",
  "published": "2022-05-24T19:03:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28847"
    },
    {
      "type": "WEB",
      "url": "https://mobaxterm.mobatek.net/download-home-edition.html"
    },
    {
      "type": "WEB",
      "url": "https://mobaxterm.mobatek.net/preview.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHJ4-6X5X-4V2J

Vulnerability from github – Published: 2026-04-13 19:22 – Updated: 2026-04-27 16:21
VLAI
Summary
FITS GZIP decompression bomb in Pillow
Details

Impact

Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation).

Patches

The amount of data read is now limited to the necessary amount. Fixed in Pillow 12.2.0 (PR #9521).

Workarounds

Avoid Pillow >= 10.3.0, < 12.2.0 Only open specific image formats, excluding FITS.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pillow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.3.0"
            },
            {
              "fixed": "12.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-13T19:22:35Z",
    "nvd_published_at": "2026-04-15T23:16:10Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nPillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation).\n\n### Patches\nThe amount of data read is now limited to the necessary amount.\nFixed in Pillow 12.2.0 (PR #9521).\n\n### Workarounds\nAvoid Pillow \u003e= 10.3.0, \u003c 12.2.0\nOnly open [specific image formats](https://pillow.readthedocs.io/en/stable/releasenotes/8.0.0.html#image-open-add-formats-parameter), excluding FITS.",
  "id": "GHSA-whj4-6x5x-4v2j",
  "modified": "2026-04-27T16:21:39Z",
  "published": "2026-04-13T19:22:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/pull/9521"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/python-pillow/Pillow"
    },
    {
      "type": "WEB",
      "url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "FITS GZIP decompression bomb in Pillow"
}

GHSA-WHJ9-M24X-QHHP

Vulnerability from github – Published: 2023-06-22 20:00 – Updated: 2023-06-22 20:00
VLAI
Summary
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Details

Coordinated Disclosure Timeline

  • 10.06.2023: Issue reported to IntellectualSites
  • 11.06.2023: Issue is acknowledged
  • 12.06.2023: Issue has been fixed
  • 22.06.2023: Advisory has been published

Impacted version range

Before 2.6.3

Details

Proof of Concept

As a user, do the following:

  1. Select position 1 via //pos1
  2. Select position 2 adding the "Infinity" keyword via //pos2 Infinity
  3. Execute any further operation.

The steps 1 and 2 are interchangeable.

Impact

Such a task has a possibility of bringing the performing server down.

CVE

  • CVE-2023-35925

Credit

This issue was discovered and reported by @SuperMonis.

Solution

On June 12, 2023, a patch, https://github.com/IntellectualSites/FastAsyncWorldEdit/pull/2285, has been merged addressing the vulnerability. We strongly recommend users to update their version of FastAsyncWorldEdit to 2.6.3 as soon as possible.

Workarounds

There is no direct mitigation besides updating FastAsyncWorldEdit to a patched version.

Additional Information

Users with access to the logs/ folder or shell access on their server can try to identify possible abuses of this issue by going through the logs. To sieve through the data, you can use the regex query \/\/pos[12] Infinity, then investigate all log entries that return results.

Disclosure Policy

If you discover a security vulnerability within our software, please report the issue according to our vulnerability disclosure policy.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.fastasyncworldedit:FastAsyncWorldEdit-Core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-35925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-22T20:00:36Z",
    "nvd_published_at": "2023-06-23T16:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Coordinated Disclosure Timeline\n\n- 10.06.2023: Issue reported to IntellectualSites\n- 11.06.2023: Issue is acknowledged\n- 12.06.2023: Issue has been fixed\n- 22.06.2023: Advisory has been published\n\n### Impacted version range\n\nBefore 2.6.3\n\n### Details\n\n#### Proof of Concept\n\nAs a user, do the following:\n\n1. Select position 1 via `//pos1`\n2. Select position 2 adding the \"Infinity\" keyword via `//pos2 Infinity`\n3. Execute any further operation.\n\nThe steps 1 and 2 are interchangeable.\n\n#### Impact\n\nSuch a task has a possibility of bringing the performing server down.\n\n#### CVE\n\n- CVE-2023-35925\n\n#### Credit\n\nThis issue was discovered and [reported](https://github.com/IntellectualSites/.github/blob/main/SECURITY.md) by @SuperMonis.\n\n### Solution\n\nOn June 12, 2023, a patch, https://github.com/IntellectualSites/FastAsyncWorldEdit/pull/2285, has been merged addressing the vulnerability.\nWe strongly recommend users to update their version of FastAsyncWorldEdit to 2.6.3 as soon as possible.\n\n### Workarounds\n\nThere is no direct mitigation besides updating FastAsyncWorldEdit to a patched version.\n\n### Additional Information\n\nUsers with access to the `logs/` folder or shell access on their server can try to identify possible abuses of this issue by going through the logs.\nTo sieve through the data, you can use the regex query `\\/\\/pos[12] Infinity`, then investigate all log entries that return results.\n\n### Disclosure Policy\n\nIf you discover a security vulnerability within our software, please report the issue according to our [vulnerability disclosure policy](https://github.com/IntellectualSites/.github/blob/main/SECURITY.md).",
  "id": "GHSA-whj9-m24x-qhhp",
  "modified": "2023-06-22T20:00:36Z",
  "published": "2023-06-22T20:00:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/IntellectualSites/FastAsyncWorldEdit/security/advisories/GHSA-whj9-m24x-qhhp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35925"
    },
    {
      "type": "WEB",
      "url": "https://github.com/IntellectualSites/FastAsyncWorldEdit/pull/2285"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/IntellectualSites/FastAsyncWorldEdit"
    },
    {
      "type": "WEB",
      "url": "https://github.com/IntellectualSites/FastAsyncWorldEdit/releases/tag/2.6.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption"
}

GHSA-WHVX-2M69-J66G

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-11-14 19:00
VLAI
Details

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-20446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-02T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.",
  "id": "GHSA-whvx-2m69-j66g",
  "modified": "2022-11-14T19:00:25Z",
  "published": "2022-05-24T17:07:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20446"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/librsvg/issues/515"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221111-0004"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4436-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJ37-MPQ9-XRCM

Vulnerability from github – Published: 2024-04-26 09:30 – Updated: 2025-05-12 21:48
VLAI
Summary
Mattermost fails to limit the number of active sessions
Details

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.6.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.6.0-rc1"
            },
            {
              "fixed": "9.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.5.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.5.0"
            },
            {
              "fixed": "9.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.4.4"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.4.0"
            },
            {
              "fixed": "9.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 8.1.11"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.1.0"
            },
            {
              "fixed": "8.1.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-4183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-26T19:10:41Z",
    "nvd_published_at": "2024-04-26T09:15:12Z",
    "severity": "MODERATE"
  },
  "details": "Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table.",
  "id": "GHSA-wj37-mpq9-xrcm",
  "modified": "2025-05-12T21:48:38Z",
  "published": "2024-04-26T09:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4183"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/86920d641760552c5aafa5e1d14c93bd30039bc4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/9d81eee979aee93374bff8ba6714d805e12ffb03"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/b45c3dac4c160992a1ce757ade968e8f5ec506c1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/bc699e6789cf3ba1544235087897699aaa639e7d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mattermost/mattermost"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mattermost fails to limit the number of active sessions"
}

GHSA-WJ55-VQCQ-GXCP

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2025-11-04 00:30
VLAI
Details

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3733"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:42:00Z",
    "severity": "MODERATE"
  },
  "details": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.",
  "id": "GHSA-wj55-vqcq-gxcp",
  "modified": "2025-11-04T00:30:31Z",
  "published": "2022-03-11T00:02:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3733"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/pull/24391"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
    },
    {
      "type": "WEB",
      "url": "https://bugs.python.org/issue43075"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220407-0001"
    },
    {
      "type": "WEB",
      "url": "https://ubuntu.com/security/CVE-2021-3733"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJG4-WR5G-F28X

Vulnerability from github – Published: 2022-04-29 02:59 – Updated: 2022-04-29 02:59
VLAI
Details

Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2004-1201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-01-10T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.",
  "id": "GHSA-wjg4-wr5g-f28x",
  "modified": "2022-04-29T02:59:09Z",
  "published": "2022-04-29T02:59:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1201"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=110141347502530\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=110144136213993\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/11762"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WJH7-W5FX-RQ52

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2023-08-16 18:30
VLAI
Details

A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resources, resulting in a DoS condition for traffic transiting the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-21T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resources, resulting in a DoS condition for traffic transiting the affected device.",
  "id": "GHSA-wjh7-w5fx-rq52",
  "modified": "2023-08-16T18:30:19Z",
  "published": "2022-05-24T17:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3554"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-QFcNEPfx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.