Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5423 vulnerabilities reference this CWE, most recent first.

GHSA-C8WJ-435X-F2CC

Vulnerability from github – Published: 2023-05-26 21:30 – Updated: 2024-04-04 04:21
VLAI
Details

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm() and siglongjmp(). When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-26T21:15:15Z",
    "severity": "MODERATE"
  },
  "details": "A denial of service vulnerability exists in curl \u003cv8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.",
  "id": "GHSA-c8wj-435x-f2cc",
  "modified": "2024-04-04T04:21:32Z",
  "published": "2023-05-26T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28320"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1929597"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-12"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230609-0009"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213843"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213844"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213845"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jul/47"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jul/48"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jul/52"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C94H-CMW2-96CV

Vulnerability from github – Published: 2024-06-25 15:31 – Updated: 2024-07-03 18:46
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

clk: bcm: dvp: Assign ->num before accessing ->hws

Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer about the number of elements in hws, so that it can warn when hws is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with the number of elements before the first array access happens, otherwise there will be a warning from each access prior to the initialization because the number of elements is zero. This occurs in clk_dvp_probe() due to ->num being assigned after ->hws has been accessed:

UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2 index 0 is out of range for type 'struct clk_hw [] __counted_by(num)' (aka 'struct clk_hw []')

Move the ->num initialization to before the first access of ->hws, which clears up the warning.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39462"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-25T15:15:14Z",
    "severity": "CRITICAL"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: dvp: Assign -\u003enum before accessing -\u003ehws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nclk_dvp_probe() due to -\u003enum being assigned after -\u003ehws has been\naccessed:\n\n  UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2\n  index 0 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\n\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\nclears up the warning.",
  "id": "GHSA-c94h-cmw2-96cv",
  "modified": "2024-07-03T18:46:57Z",
  "published": "2024-06-25T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39462"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0dc913217fb79096597005bba9ba738e2db5cd02"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9368cdf90f52a68120d039887ccff74ff33b4444"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1dd92fca0d6b58b55ed0484f75d4205dbb77010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C96X-HVMF-4PCG

Vulnerability from github – Published: 2022-05-01 07:46 – Updated: 2025-04-03 15:30
VLAI
Details

The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2006-7229"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-15T00:46:00Z",
    "severity": "HIGH"
  },
  "details": "The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.",
  "id": "GHSA-c96x-hvmf-4pcg",
  "modified": "2025-04-03T15:30:41Z",
  "published": "2022-05-01T07:46:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7229"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/65631"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28971"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26511"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-578-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C9C5-9FPR-M882

Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-01-25 23:16
VLAI
Summary
sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number
Details

The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "sentry-raven"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-9490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:30:45Z",
    "nvd_published_at": "2015-01-20T15:59:05Z",
    "severity": "MODERATE"
  },
  "details": "The `numtok` function in `lib/raven/okjson.rb` in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.",
  "id": "GHSA-c9c5-9fpr-m882",
  "modified": "2023-01-25T23:16:15Z",
  "published": "2017-10-24T18:33:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9490"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99687"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getsentry/raven-ruby"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sentry-raven/CVE-2014-9490.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/getsentry/Cz5bih0ZY1U"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2015/q1/26"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number"
}

GHSA-C9G6-7M2J-RFH8

Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2022-11-03 19:00
VLAI
Details

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252",
      "CWE-400",
      "CWE-404"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-01T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660.",
  "id": "GHSA-c9g6-7m2j-rfh8",
  "modified": "2022-11-03T19:00:27Z",
  "published": "2022-11-02T12:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3807"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/files/9820612/mp42aac_exhaustive_AP4_RtpAtom50.zip"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.212660"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C9H3-C6QJ-HH7Q

Vulnerability from github – Published: 2022-09-21 00:00 – Updated: 2024-05-08 17:44
VLAI
Summary
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service
Details

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kafka:kafka"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kafka:kafka"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kafka:kafka"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kafka:kafka"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-34917"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770",
      "CWE-789"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-21T21:15:52Z",
    "nvd_published_at": "2022-09-20T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.",
  "id": "GHSA-c9h3-c6qj-hh7q",
  "modified": "2024-05-08T17:44:34Z",
  "published": "2022-09-21T00:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/kafka/commit/14951a83e3fdead212156e5532359500d72f68bc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/kafka/commit/2bfa24b2bd416e7b8c4a0c566b984c43904fdecb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/kafka/commit/aaceb6b79bfcb1d32874ccdbc8f3138d1c1c00fb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/kafka/commit/c1295662768e64b4467e27c3d5158f95f2307657"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/KAFKA-14063"
    },
    {
      "type": "WEB",
      "url": "https://kafka.apache.org/cve-list"
    },
    {
      "type": "WEB",
      "url": "https://kafka.apache.org/cve-list#CVE-2022-34917"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service"
}

GHSA-C9H9-H5GF-885R

Vulnerability from github – Published: 2024-02-15 15:30 – Updated: 2025-03-04 18:29
VLAI
Summary
Magento Open Source allows Uncontrolled Resource Consumption
Details

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.6"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.5"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.4"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.6-p1"
            },
            {
              "fixed": "2.4.6-p4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.5-p1"
            },
            {
              "fixed": "2.4.5-p6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.4-p1"
            },
            {
              "fixed": "2.4.4-p7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/project-community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-20716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-04T18:29:16Z",
    "nvd_published_at": "2024-02-15T14:15:45Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.",
  "id": "GHSA-c9h9-h5gf-885r",
  "modified": "2025-03-04T18:29:16Z",
  "published": "2024-02-15T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20716"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Magento Open Source allows Uncontrolled Resource Consumption"
}

GHSA-C9M5-G7W5-C3G2

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25
VLAI
Details

Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-0985"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-02-10T19:00:00Z",
    "severity": "HIGH"
  },
  "details": "Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.",
  "id": "GHSA-c9m5-g7w5-c3g2",
  "modified": "2022-05-13T01:25:55Z",
  "published": "2022-05-13T01:25:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0985"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14506"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=70456"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43342"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43368"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2166"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46262"
    },
    {
      "type": "WEB",
      "url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2190"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0408"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-C9MW-29G5-HF3H

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-07-13 00:01
VLAI
Details

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-VD" of RV-FR-D- all versions, controller "CR800-HD" of RH-FRH-D- all versions, controller "CR800-HRD" of RH-FRHR-D- all versions, controller "CR800-VR with R16RTCPU" of RV-*FR-R- all versions, controller "CR800-HR with R16RTCPU" of RH-FRH-R- all versions, controller "CR800-HRR with R16RTCPU" of RH-FRHR-R- all versions, controller "CR800-VQ with Q172DSRCPU" of RV-FR-Q- all versions, controller "CR800-HQ with Q172DSRCPU" of RH-FRH-Q- all versions, controller "CR800-HRQ with Q172DSRCPU" of RH-FRHR-Q- all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D- all versions, controller "CR800-CHD" of RH-CRH-D- all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D- all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20586"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-29T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Resource management errors vulnerability in a robot controller of MELFA FR Series(controller \"CR800-*V*D\" of RV-*FR***-D-* all versions, controller \"CR800-*HD\" of RH-*FRH***-D-* all versions, controller \"CR800-*HRD\" of RH-*FRHR***-D-* all versions, controller \"CR800-*V*R with R16RTCPU\" of RV-*FR***-R-* all versions, controller \"CR800-*HR with R16RTCPU\" of RH-*FRH***-R-* all versions, controller \"CR800-*HRR with R16RTCPU\" of RH-*FRHR***-R-* all versions, controller \"CR800-*V*Q with Q172DSRCPU\" of RV-*FR***-Q-* all versions, controller \"CR800-*HQ with Q172DSRCPU\" of RH-*FRH***-Q-* all versions, controller \"CR800-*HRQ with Q172DSRCPU\" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller \"CR800-CVD\" of RV-8CRL-D-* all versions, controller \"CR800-CHD\" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller \"CR800-05VD\" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.",
  "id": "GHSA-c9mw-29g5-hf3h",
  "modified": "2022-07-13T00:01:05Z",
  "published": "2022-05-24T17:40:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20586"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C9W5-V8R2-GV7F

Vulnerability from github – Published: 2023-04-11 06:30 – Updated: 2024-04-04 03:23
VLAI
Details

SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-11T04:16:00Z",
    "severity": "MODERATE"
  },
  "details": "SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server\u0027s resources sufficiently to make it unavailable over the network without any user interaction.\n\n",
  "id": "GHSA-c9w5-v8r2-gv7f",
  "modified": "2024-04-04T03:23:36Z",
  "published": "2023-04-11T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29185"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3303060"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.