CWE-400
DiscouragedUncontrolled Resource Consumption
Abstraction: Class · Status: Draft
The product does not properly control the allocation and maintenance of a limited resource.
5412 vulnerabilities reference this CWE, most recent first.
GHSA-CR42-RG2M-MQ4Q
Vulnerability from github – Published: 2026-05-11 18:31 – Updated: 2026-05-18 14:20Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload (XML Bomb). When processed by Docling, the exponential expansion of entities leads to excessive resource consumption, resulting in a denial of service (DoS) condition on the system running the Docling parser.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "docling"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.61.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-31247"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T14:20:53Z",
"nvd_published_at": "2026-05-11T16:17:29Z",
"severity": "HIGH"
},
"details": "Docling\u0027s JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload (XML Bomb). When processed by Docling, the exponential expansion of entities leads to excessive resource consumption, resulting in a denial of service (DoS) condition on the system running the Docling parser.",
"id": "GHSA-cr42-rg2m-mq4q",
"modified": "2026-05-18T14:20:53Z",
"published": "2026-05-11T18:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31247"
},
{
"type": "PACKAGE",
"url": "https://github.com/docling-project/docling"
},
{
"type": "WEB",
"url": "https://www.notion.so/CVE-2026-31247-35d1e1393188818fa654c116c6a470bb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Docling\u0027s JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks"
}
GHSA-CR5R-MF64-93WQ
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2025-04-20 03:44ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
{
"affected": [],
"aliases": [
"CVE-2017-14341"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-12T17:29:00Z",
"severity": "HIGH"
},
"details": "ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.",
"id": "GHSA-cr5r-mf64-93wq",
"modified": "2025-04-20T03:44:45Z",
"published": "2022-05-13T01:14:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14341"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/654"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CRFV-R2FV-7458
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-27 15:33IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
{
"affected": [],
"aliases": [
"CVE-2026-4410"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:33Z",
"severity": "MODERATE"
},
"details": "IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.",
"id": "GHSA-crfv-r2fv-7458",
"modified": "2026-05-27T15:33:24Z",
"published": "2026-05-27T15:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4410"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7273424"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CRGC-2583-RW27
Vulnerability from github – Published: 2024-05-20 20:43 – Updated: 2024-05-20 22:07Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates.
Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisories. In some cases can the user control both the template and the params for it, and in a subset of these cases, Minder reads the generated template entirely into memory. When Minders templating meets both of these conditions, an attacker is able to generate large enough templates that Minder will exhaust memory and crash.
One of these places is the REST ingester:
https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L115-L123
With control over both endpoint and retp on the following line:
https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L121
… an attacker can make Minder generate a large template that Minder reads into memory on the following line by invoking endpoint.String():
https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L131
Consider this example:
package main
import (
"fmt"
"html/template"
"os"
)
type EndpointTemplateParams struct {
// Params are the parameters to be used in the template
Params map[string]any
}
func main() {
retp := &EndpointTemplateParams{
Params: map[string]any{
"params": make([]string, 10),
},
}
fmt.Println(retp)
const templ = `
{{range $idx, $e := .Params.params}}
loooooooooooooooooooooooooooooooong-string-{{$idx}}
{{end}}
{{range $idx, $e := .Params.params}}
loooooooooooooooooooooooooooooooong-string-{{$idx}}
{{end}}
{{range $idx, $e := .Params.params}}
loooooooooooooooooooooooooooooooong-string-{{$idx}}
{{end}}`
tmpl := template.Must(template.New("").Parse(templ))
if err := tmpl.Execute(os.Stdout, retp); err != nil {
panic(err)
}
}
This example imitates the behavior on these lines:
https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L115-L123
Running this example generates the following template:
loooooooooooooooooooooooooooooooong-string-0
loooooooooooooooooooooooooooooooong-string-1
loooooooooooooooooooooooooooooooong-string-2
loooooooooooooooooooooooooooooooong-string-3
loooooooooooooooooooooooooooooooong-string-4
loooooooooooooooooooooooooooooooong-string-5
loooooooooooooooooooooooooooooooong-string-6
loooooooooooooooooooooooooooooooong-string-7
loooooooooooooooooooooooooooooooong-string-8
loooooooooooooooooooooooooooooooong-string-9
loooooooooooooooooooooooooooooooong-string-0
loooooooooooooooooooooooooooooooong-string-1
loooooooooooooooooooooooooooooooong-string-2
loooooooooooooooooooooooooooooooong-string-3
loooooooooooooooooooooooooooooooong-string-4
loooooooooooooooooooooooooooooooong-string-5
loooooooooooooooooooooooooooooooong-string-6
loooooooooooooooooooooooooooooooong-string-7
loooooooooooooooooooooooooooooooong-string-8
loooooooooooooooooooooooooooooooong-string-9
loooooooooooooooooooooooooooooooong-string-0
loooooooooooooooooooooooooooooooong-string-1
loooooooooooooooooooooooooooooooong-string-2
loooooooooooooooooooooooooooooooong-string-3
loooooooooooooooooooooooooooooooong-string-4
loooooooooooooooooooooooooooooooong-string-5
loooooooooooooooooooooooooooooooong-string-6
loooooooooooooooooooooooooooooooong-string-7
loooooooooooooooooooooooooooooooong-string-8
loooooooooooooooooooooooooooooooong-string-9
A malicious user can call the loop more times, increase the loop count and/or make the repeated long string longer to make the size of the template bigger.
A sufficiently large template will consume a lot of memory on this line which will exhaust memory on the machine and crash the Minder server:
https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L121
Minder should enforce a limit to generated templates before reading them into memory.
The following templates are believed to be vulnerable:
https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L121
https://github.com/stacklok/minder/blob/e7f9914de9af5a69e3e6fe2bdfaaf22e62be42c0/internal/engine/actions/remediate/pull_request/pull_request.go#L199
https://github.com/stacklok/minder/blob/e7f9914de9af5a69e3e6fe2bdfaaf22e62be42c0/internal/engine/actions/remediate/pull_request/pull_request.go#L510
Minder has a few other templates especially in its engine which needs reviewing too. As a default, all templates should be limited in size before Minder reads them into memory.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/stacklok/minder"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.50"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-35194"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-20T20:43:54Z",
"nvd_published_at": "2024-05-20T21:15:09Z",
"severity": "MODERATE"
},
"details": "Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates.\n\nMinder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisories. In some cases can the user control both the template and the params for it, and in a subset of these cases, Minder reads the generated template entirely into memory. When Minders templating meets both of these conditions, an attacker is able to generate large enough templates that Minder will exhaust memory and crash.\n\nOne of these places is the REST ingester:\n\nhttps://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L115-L123\n\nWith control over both endpoint and `retp` on the following line:\n\nhttps://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L121\n\n\u2026 an attacker can make Minder generate a large template that Minder reads into memory on the following line by invoking `endpoint.String()`:\n\nhttps://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L131\n\nConsider this example:\n\n```go\npackage main\n\nimport (\n \"fmt\"\n \"html/template\"\n \"os\"\n)\n\ntype EndpointTemplateParams struct {\n // Params are the parameters to be used in the template\n Params map[string]any\n}\n\nfunc main() {\n retp := \u0026EndpointTemplateParams{\n Params: map[string]any{\n \"params\": make([]string, 10),\n },\n }\n fmt.Println(retp)\n const templ = `\n {{range $idx, $e := .Params.params}}\n loooooooooooooooooooooooooooooooong-string-{{$idx}}\n{{end}}\n {{range $idx, $e := .Params.params}}\n loooooooooooooooooooooooooooooooong-string-{{$idx}}\n{{end}}\n {{range $idx, $e := .Params.params}}\n loooooooooooooooooooooooooooooooong-string-{{$idx}}\n{{end}}`\n tmpl := template.Must(template.New(\"\").Parse(templ))\n if err := tmpl.Execute(os.Stdout, retp); err != nil {\n panic(err)\n }\n}\n\n```\n\nThis example imitates the behavior on these lines:\n\nhttps://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L115-L123\n\nRunning this example generates the following template:\n\n```\n loooooooooooooooooooooooooooooooong-string-0\n\n loooooooooooooooooooooooooooooooong-string-1\n\n loooooooooooooooooooooooooooooooong-string-2\n\n loooooooooooooooooooooooooooooooong-string-3\n\n loooooooooooooooooooooooooooooooong-string-4\n\n loooooooooooooooooooooooooooooooong-string-5\n\n loooooooooooooooooooooooooooooooong-string-6\n\n loooooooooooooooooooooooooooooooong-string-7\n\n loooooooooooooooooooooooooooooooong-string-8\n\n loooooooooooooooooooooooooooooooong-string-9\n\n\n loooooooooooooooooooooooooooooooong-string-0\n\n loooooooooooooooooooooooooooooooong-string-1\n\n loooooooooooooooooooooooooooooooong-string-2\n\n loooooooooooooooooooooooooooooooong-string-3\n\n loooooooooooooooooooooooooooooooong-string-4\n\n loooooooooooooooooooooooooooooooong-string-5\n\n loooooooooooooooooooooooooooooooong-string-6\n\n loooooooooooooooooooooooooooooooong-string-7\n\n loooooooooooooooooooooooooooooooong-string-8\n\n loooooooooooooooooooooooooooooooong-string-9\n\n\n loooooooooooooooooooooooooooooooong-string-0\n\n loooooooooooooooooooooooooooooooong-string-1\n\n loooooooooooooooooooooooooooooooong-string-2\n\n loooooooooooooooooooooooooooooooong-string-3\n\n loooooooooooooooooooooooooooooooong-string-4\n\n loooooooooooooooooooooooooooooooong-string-5\n\n loooooooooooooooooooooooooooooooong-string-6\n\n loooooooooooooooooooooooooooooooong-string-7\n\n loooooooooooooooooooooooooooooooong-string-8\n\n loooooooooooooooooooooooooooooooong-string-9\n```\n\nA malicious user can call the loop more times, increase the loop count and/or make the repeated long string longer to make the size of the template bigger.\n\nA sufficiently large template will consume a lot of memory on this line which will exhaust memory on the machine and crash the Minder server:\n\nhttps://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L121\n\nMinder should enforce a limit to generated templates before reading them into memory.\n\nThe following templates are believed to be vulnerable:\n\nhttps://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/engine/ingester/rest/rest.go#L121\n\nhttps://github.com/stacklok/minder/blob/e7f9914de9af5a69e3e6fe2bdfaaf22e62be42c0/internal/engine/actions/remediate/pull_request/pull_request.go#L199\n\nhttps://github.com/stacklok/minder/blob/e7f9914de9af5a69e3e6fe2bdfaaf22e62be42c0/internal/engine/actions/remediate/pull_request/pull_request.go#L510\n\nMinder has a few other templates especially in its engine which needs reviewing too. As a default, all templates should be limited in size before Minder reads them into memory.\n",
"id": "GHSA-crgc-2583-rw27",
"modified": "2024-05-20T22:07:25Z",
"published": "2024-05-20T20:43:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/stacklok/minder/security/advisories/GHSA-crgc-2583-rw27"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35194"
},
{
"type": "WEB",
"url": "https://github.com/stacklok/minder/commit/fe321d345b4f738de6a06b13207addc72b59f892"
},
{
"type": "PACKAGE",
"url": "https://github.com/stacklok/minder"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Stacklok Minder vulnerable to denial of service from maliciously crafted templates"
}
GHSA-CRH4-294P-VCFQ
Vulnerability from github – Published: 2021-04-19 14:53 – Updated: 2021-10-08 21:22Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
- https://vaadin.com/security/cve-2021-31405
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-text-field-flow"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.4"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-text-field-flow"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "4.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-16T23:12:10Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Unsafe validation RegEx in `EmailField` component in `com.vaadin:vaadin-text-field-flow` versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.\n\n- https://vaadin.com/security/cve-2021-31405",
"id": "GHSA-crh4-294p-vcfq",
"modified": "2021-10-08T21:22:01Z",
"published": "2021-04-19T14:53:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vaadin/flow-components/security/advisories/GHSA-crh4-294p-vcfq"
},
{
"type": "PACKAGE",
"url": "https://github.com/vaadin/flow-components"
},
{
"type": "WEB",
"url": "https://vaadin.com/security/cve-2021-31405"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17"
}
GHSA-CRJR-9RC5-GHW8
Vulnerability from github – Published: 2022-04-11 21:18 – Updated: 2023-07-06 16:02Summary
Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents.
Mitigation
Upgrade to Nokogiri >= 1.13.4.
Severity
The Nokogiri maintainers have evaluated this as High Severity 7.5 (CVSS3.1).
References
CWE-1333 Inefficient Regular Expression Complexity
Credit
This vulnerability was reported by HackerOne user ooooooo_q (ななおく).
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24836"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-11T21:18:06Z",
"nvd_published_at": "2022-04-11T22:15:00Z",
"severity": "HIGH"
},
"details": "## Summary\n\nNokogiri `\u003c v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents.\n\n## Mitigation\n\nUpgrade to Nokogiri `\u003e= 1.13.4`.\n\n\n## Severity\n\nThe Nokogiri maintainers have evaluated this as [**High Severity** 7.5 (CVSS3.1)](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n\n## References\n\n[CWE-1333](https://cwe.mitre.org/data/definitions/1333.html) Inefficient Regular Expression Complexity\n\n\n## Credit\n\nThis vulnerability was reported by HackerOne user ooooooo_q (\u306a\u306a\u304a\u304f).\n",
"id": "GHSA-crjr-9rc5-ghw8",
"modified": "2023-07-06T16:02:37Z",
"published": "2022-04-11T21:18:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24836"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email\u0026utm_source=footer"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-29"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213532"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Nokogiri Inefficient Regular Expression Complexity"
}
GHSA-CRMJ-QH74-2R36
Vulnerability from github – Published: 2024-10-17 17:13 – Updated: 2024-10-23 17:40Impact
A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, QuickTimeVideo::multipleEntriesDecoder, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28 are not affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file.
Patches
The bug is fixed in version v0.28.2.
For more information
Please see our security policy for information about Exiv2 security.
Credit
This bug was found by OSS-Fuzz.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "exiv2"
},
"ranges": [
{
"events": [
{
"introduced": "0.16.0"
},
{
"fixed": "0.16.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-25112"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-17T17:13:24Z",
"nvd_published_at": "2024-02-12T23:15:08Z",
"severity": "MODERATE"
},
"details": "### Impact\nA denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28 are _not_ affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file.\n\n### Patches\nThe bug is fixed in version v0.28.2.\n\n### For more information\nPlease see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security.\n\n### Credit\nThis bug was found by [OSS-Fuzz](https://github.com/google/oss-fuzz).",
"id": "GHSA-crmj-qh74-2r36",
"modified": "2024-10-23T17:40:19Z",
"published": "2024-10-17T17:13:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25112"
},
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/pull/2337"
},
{
"type": "PACKAGE",
"url": "https://github.com/Exiv2/exiv2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/exiv2/PYSEC-2024-107.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder"
}
GHSA-CRMV-FCQ6-R57V
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.
{
"affected": [],
"aliases": [
"CVE-2017-5544"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-23T07:59:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device\u0027s SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.",
"id": "GHSA-crmv-fcq6-r57v",
"modified": "2022-05-13T01:06:18Z",
"published": "2022-05-13T01:06:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5544"
},
{
"type": "WEB",
"url": "http://www.nfcwar.com"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95708"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CRPF-HW75-JGVC
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:38Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
{
"affected": [],
"aliases": [
"CVE-2018-19162"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-05T21:15:00Z",
"severity": "HIGH"
},
"details": "Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim\u0027s disk.",
"id": "GHSA-crpf-hw75-jgvc",
"modified": "2024-04-04T02:38:13Z",
"published": "2022-05-24T17:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19162"
},
{
"type": "WEB",
"url": "https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
},
{
"type": "WEB",
"url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
},
{
"type": "WEB",
"url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CRQJ-2V3F-C8G9
Vulnerability from github – Published: 2026-02-02 12:31 – Updated: 2026-02-02 12:31A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product.
{
"affected": [],
"aliases": [
"CVE-2025-7105"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-02T11:16:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product.",
"id": "GHSA-crqj-2v3f-c8g9",
"modified": "2026-02-02T12:31:14Z",
"published": "2026-02-02T12:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7105"
},
{
"type": "WEB",
"url": "https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/e44f0740-48bd-443b-8826-528e6afe9e34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation
Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.