CWE-400
DiscouragedUncontrolled Resource Consumption
Abstraction: Class · Status: Draft
The product does not properly control the allocation and maintenance of a limited resource.
5416 vulnerabilities reference this CWE, most recent first.
GHSA-CRMV-FCQ6-R57V
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.
{
"affected": [],
"aliases": [
"CVE-2017-5544"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-23T07:59:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device\u0027s SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.",
"id": "GHSA-crmv-fcq6-r57v",
"modified": "2022-05-13T01:06:18Z",
"published": "2022-05-13T01:06:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5544"
},
{
"type": "WEB",
"url": "http://www.nfcwar.com"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95708"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CRPF-HW75-JGVC
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:38Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
{
"affected": [],
"aliases": [
"CVE-2018-19162"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-05T21:15:00Z",
"severity": "HIGH"
},
"details": "Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim\u0027s disk.",
"id": "GHSA-crpf-hw75-jgvc",
"modified": "2024-04-04T02:38:13Z",
"published": "2022-05-24T17:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19162"
},
{
"type": "WEB",
"url": "https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
},
{
"type": "WEB",
"url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
},
{
"type": "WEB",
"url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CRQJ-2V3F-C8G9
Vulnerability from github – Published: 2026-02-02 12:31 – Updated: 2026-02-02 12:31A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product.
{
"affected": [],
"aliases": [
"CVE-2025-7105"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-02T11:16:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product.",
"id": "GHSA-crqj-2v3f-c8g9",
"modified": "2026-02-02T12:31:14Z",
"published": "2026-02-02T12:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7105"
},
{
"type": "WEB",
"url": "https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/e44f0740-48bd-443b-8826-528e6afe9e34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CRV8-R5WQ-GV2W
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-02-28 18:38webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "webui-aria2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-39141"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-28T18:38:27Z",
"nvd_published_at": "2023-08-22T19:16:39Z",
"severity": "HIGH"
},
"details": "webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.",
"id": "GHSA-crv8-r5wq-gv2w",
"modified": "2024-02-28T18:38:27Z",
"published": "2023-08-22T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39141"
},
{
"type": "WEB",
"url": "https://gist.github.com/JafarAkhondali/528fe6c548b78f454911fb866b23f66e"
},
{
"type": "PACKAGE",
"url": "https://github.com/ziahamza/webui-aria2"
},
{
"type": "WEB",
"url": "https://github.com/ziahamza/webui-aria2/blob/109903f0e2774cf948698cd95a01f77f33d7dd2c/node-server.js#L10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "webui-aria2 Path Traversal vulnerability"
}
GHSA-CRW7-QG66-GV9W
Vulnerability from github – Published: 2022-02-11 00:01 – Updated: 2026-05-27 15:32Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
{
"affected": [],
"aliases": [
"CVE-2022-21360"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-19T12:15:00Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"id": "GHSA-crw7-qg66-gv9w",
"modified": "2026-05-27T15:32:50Z",
"published": "2022-02-11T00:01:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21360"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202209-05"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220121-0007"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5057"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5058"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CV4X-93XX-WGFJ
Vulnerability from github – Published: 2026-03-17 19:46 – Updated: 2026-03-25 18:26Summary
A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting .spec.taskRef.resolver (or .spec.pipelineRef.resolver) to a string of 31 characters or more, causing a denial of service for all reconciliation.
Details
The controller panics in GenerateDeterministicNameFromSpec when building a deterministic ResolutionRequest name. The generated name has the format {resolver}-{hash} and, when the resolver name is long enough, the result exceeds the DNS-1123 label limit of 63 characters.
The truncation logic attempts to find a word boundary using strings.LastIndex(name, " "). Since the generated name never contains spaces (it is composed of the resolver name, a dash, and a hex-encoded hash), LastIndex returns -1, which is then used as a slice bound:
return name[:strings.LastIndex(name[:maxLength], " ")], nil
// strings.LastIndex returns -1 → panic: slice bounds out of range [:-1]
The panic crashes the controller. Because the offending TaskRun or PipelineRun is re-reconciled on restart, the controller enters a CrashLoopBackOff, blocking all TaskRun and PipelineRun reconciliation cluster-wide until the offending resource is manually deleted.
Built-in resolvers use short names (git, cluster, bundles, hub) and are not affected under normal usage. The vulnerability is exploitable by any user who can create TaskRuns or PipelineRuns with a custom resolver name.
Impact
Denial of service — A single malicious TaskRun or PipelineRun with a long resolver name is sufficient to crash the Tekton Pipelines controller into a restart loop, blocking all CI/CD reconciliation cluster-wide until the resource is removed.
Patches
Fixed in versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, 1.10.2.
The fix computes the hash first, then truncates only the prefix (resolver name) to fit within the DNS-1123 label limit, preserving the full hash to maintain determinism and uniqueness of ResolutionRequest names.
Workarounds
Restrict who can create TaskRun and PipelineRun resources via Kubernetes RBAC. There is no validation-side workaround without patching.
Affected Versions
All releases from v0.60.0 through v1.10.0.
The vulnerable truncation logic was introduced in commit ea1fa7ad1fdc ("Remote Resolution Refactor"), first released in v0.60.0 (2024-05-22).
Currently supported affected releases: - v1.10.x (latest) - v1.9.x (LTS, EOL 2027-01-30) - v1.6.x (LTS, EOL 2026-10-31) - v1.3.x (LTS, EOL 2026-08-04) - v1.0.x (LTS, EOL 2026-04-29)
Releases prior to v0.60.0 are not affected — the truncation code did not exist.
Acknowledgments
This vulnerability was reported by Oleh Konko (@1seal), who provided a thorough vulnerability analysis, proof-of-concept, and review of the fix. Thank you!
References
- Fix (main): 5eead3f859b9
- Fix (v1.10.x): 01673237c464
- Fix (v1.9.x): edc64bbf2232
- Fix (v1.6.x): 0fa2d66cff81
- Fix (v1.3.x): 5e4905fb6754
- Fix (v1.0.x): ebc197e2b973
- Introduced in:
ea1fa7ad1fdc("Remote Resolution Refactor")
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "0.60.0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0"
},
{
"fixed": "1.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.9.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33022"
],
"database_specific": {
"cwe_ids": [
"CWE-129",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-17T19:46:29Z",
"nvd_published_at": "2026-03-20T08:16:11Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nA user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting `.spec.taskRef.resolver` (or `.spec.pipelineRef.resolver`) to a string of 31 characters or more, causing a denial of service for all reconciliation.\n\n### Details\n\nThe controller panics in `GenerateDeterministicNameFromSpec` when building a deterministic `ResolutionRequest` name. The generated name has the format `{resolver}-{hash}` and, when the resolver name is long enough, the result exceeds the DNS-1123 label limit of 63 characters.\n\nThe truncation logic attempts to find a word boundary using `strings.LastIndex(name, \" \")`. Since the generated name never contains spaces (it is composed of the resolver name, a dash, and a hex-encoded hash), `LastIndex` returns `-1`, which is then used as a slice bound:\n\n```go\nreturn name[:strings.LastIndex(name[:maxLength], \" \")], nil\n// strings.LastIndex returns -1 \u2192 panic: slice bounds out of range [:-1]\n```\n\nThe panic crashes the controller. Because the offending TaskRun or PipelineRun is re-reconciled on restart, the controller enters a `CrashLoopBackOff`, blocking all TaskRun and PipelineRun reconciliation cluster-wide until the offending resource is manually deleted.\n\nBuilt-in resolvers use short names (`git`, `cluster`, `bundles`, `hub`) and are not affected under normal usage. The vulnerability is exploitable by any user who can create TaskRuns or PipelineRuns with a custom resolver name.\n\n### Impact\n\n**Denial of service** \u2014 A single malicious TaskRun or PipelineRun with a long resolver name is sufficient to crash the Tekton Pipelines controller into a restart loop, blocking all CI/CD reconciliation cluster-wide until the resource is removed.\n\n### Patches\n\nFixed in versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, 1.10.2.\n\nThe fix computes the hash first, then truncates only the prefix (resolver name) to fit within the DNS-1123 label limit, preserving the full hash to maintain determinism and uniqueness of `ResolutionRequest` names.\n\n### Workarounds\n\nRestrict who can create TaskRun and PipelineRun resources via Kubernetes RBAC. There is no validation-side workaround without patching.\n\n### Affected Versions\n\nAll releases from **v0.60.0** through **v1.10.0**.\n\nThe vulnerable truncation logic was introduced in commit `ea1fa7ad1fdc` (\"Remote Resolution Refactor\"), first released in v0.60.0 (2024-05-22).\n\nCurrently supported affected releases:\n- **v1.10.x** (latest)\n- **v1.9.x** (LTS, EOL 2027-01-30)\n- **v1.6.x** (LTS, EOL 2026-10-31)\n- **v1.3.x** (LTS, EOL 2026-08-04)\n- **v1.0.x** (LTS, EOL 2026-04-29)\n\nReleases prior to v0.60.0 are **not affected** \u2014 the truncation code did not exist.\n\n### Acknowledgments\n\nThis vulnerability was reported by Oleh Konko (@1seal), who provided a thorough vulnerability analysis, proof-of-concept, and review of the fix. Thank you!\n\n### References\n\n- Fix (main): [5eead3f859b9](https://github.com/tektoncd/pipeline/commit/5eead3f859b9f938e86039e4d29185092c1d4ee6)\n- Fix (v1.10.x): [01673237c464](https://github.com/tektoncd/pipeline/commit/01673237c464cfac7e286183f5c9e9d6ec951a64)\n- Fix (v1.9.x): [edc64bbf2232](https://github.com/tektoncd/pipeline/commit/edc64bbf22323fcf218170f19047c9bcd8163e90)\n- Fix (v1.6.x): [0fa2d66cff81](https://github.com/tektoncd/pipeline/commit/0fa2d66cff814838c3a10cce252104c7fe618932)\n- Fix (v1.3.x): [5e4905fb6754](https://github.com/tektoncd/pipeline/commit/5e4905fb6754efa5ecea54de195738d73fb0e01d)\n- Fix (v1.0.x): [ebc197e2b973](https://github.com/tektoncd/pipeline/commit/ebc197e2b9733deedaa1624212ec66dcdf61eaaf)\n- Introduced in: `ea1fa7ad1fdc` (\"Remote Resolution Refactor\")",
"id": "GHSA-cv4x-93xx-wgfj",
"modified": "2026-03-25T18:26:47Z",
"published": "2026-03-17T19:46:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-cv4x-93xx-wgfj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33022"
},
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/commit/01673237c464cfac7e286183f5c9e9d6ec951a64"
},
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/commit/0fa2d66cff814838c3a10cce252104c7fe618932"
},
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/commit/5e4905fb6754efa5ecea54de195738d73fb0e01d"
},
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/commit/5eead3f859b9f938e86039e4d29185092c1d4ee6"
},
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/commit/ebc197e2b9733deedaa1624212ec66dcdf61eaaf"
},
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/commit/edc64bbf22323fcf218170f19047c9bcd8163e90"
},
{
"type": "PACKAGE",
"url": "https://github.com/tektoncd/pipeline"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun"
}
GHSA-CV8J-WFMQ-4FJV
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-12-06 06:30In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix memory leak in tcindex_partial_destroy_work
Syzbot reported memory leak in tcindex_set_parms(). The problem was in non-freed perfect hash in tcindex_partial_destroy_work().
In tcindex_set_parms() new tcindex_data is allocated and some fields from old one are copied to new one, but not the perfect hash. Since tcindex_partial_destroy_work() is the destroy function for old tcindex_data, we need to free perfect hash to avoid memory leak.
{
"affected": [],
"aliases": [
"CVE-2021-47295"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:17Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix memory leak in tcindex_partial_destroy_work\n\nSyzbot reported memory leak in tcindex_set_parms(). The problem was in\nnon-freed perfect hash in tcindex_partial_destroy_work().\n\nIn tcindex_set_parms() new tcindex_data is allocated and some fields from\nold one are copied to new one, but not the perfect hash. Since\ntcindex_partial_destroy_work() is the destroy function for old\ntcindex_data, we need to free perfect hash to avoid memory leak.",
"id": "GHSA-cv8j-wfmq-4fjv",
"modified": "2025-12-06T06:30:15Z",
"published": "2024-05-21T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47295"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01d0d2b8b4e3cf2110baba9371c0c3d04ad5c77b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/372ae77cf11d11fb118cbe2d37def9dd5f826abd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3abebc503a5148072052c229c6b04b329a420ecd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/53af9c793f644d5841d84d8e0ad83bd7ab47f3e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a6fb69bbcb21e9ce13bdf18c008c268874f0480"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c183dc0af472dec33d2c0786a5e356baa8cad19"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8d7924ce85bae64e7a67c366c7c50840f49f3a62"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e9662fde6d63c78eb1350f6167f64c9d71a865b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cac71d27745f92ee13f0ecc668ffe151a4a9c9b1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f5051bcece50140abd1a11a2d36dc3ec5484fc32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CVCM-JHP7-5VQH
Vulnerability from github – Published: 2025-06-06 12:30 – Updated: 2025-06-06 12:30Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active.
{
"affected": [],
"aliases": [
"CVE-2025-41361"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-06T12:15:22Z",
"severity": "HIGH"
},
"details": "Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active.",
"id": "GHSA-cvcm-jhp7-5vqh",
"modified": "2025-06-06T12:30:33Z",
"published": "2025-06-06T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41361"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zivs-idf-and-zlf-products"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CVHM-GJ56-WHX3
Vulnerability from github – Published: 2022-05-14 01:59 – Updated: 2022-05-14 01:59In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources.
{
"affected": [],
"aliases": [
"CVE-2018-6923"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-04T18:29:00Z",
"severity": "HIGH"
},
"details": "In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources.",
"id": "GHSA-cvhm-gj56-whx3",
"modified": "2022-05-14T01:59:48Z",
"published": "2022-05-14T01:59:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6923"
},
{
"type": "WEB",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105336"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041505"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CVQF-GHWG-56GJ
Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2021-12-09 00:01An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
{
"affected": [],
"aliases": [
"CVE-2021-22956"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-07T14:15:00Z",
"severity": "HIGH"
},
"details": "An uncontrolled resource consumption vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.",
"id": "GHSA-cvqf-ghwg-56gj",
"modified": "2021-12-09T00:01:46Z",
"published": "2021-12-08T00:01:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22956"
},
{
"type": "WEB",
"url": "https://support.citrix.com/article/CTX330728"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation
Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.