Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5412 vulnerabilities reference this CWE, most recent first.

GHSA-F2HJ-VPP9-6VM2

Vulnerability from github – Published: 2025-11-24 18:31 – Updated: 2025-11-25 21:42
VLAI
Summary
NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST
Details

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/free5gc/nssf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-60638"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-25T21:42:17Z",
    "nvd_published_at": "2025-11-24T16:15:50Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.",
  "id": "GHSA-f2hj-vpp9-6vm2",
  "modified": "2025-11-25T21:42:17Z",
  "published": "2025-11-24T18:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60638"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/free5gc/issues/704"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/nssf/commit/66fc727a894fa821fde14030346b18de69192204"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/free5gc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/free5gc/nssf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST"
}

GHSA-F2MM-QGP8-RC9Q

Vulnerability from github – Published: 2026-04-21 21:31 – Updated: 2026-04-21 21:31
VLAI
Details

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T21:16:27Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",
  "id": "GHSA-f2mm-qgp8-rc9q",
  "modified": "2026-04-21T21:31:24Z",
  "published": "2026-04-21T21:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22009"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F2QX-66WF-WVVX

Vulnerability from github – Published: 2026-05-08 18:24 – Updated: 2026-05-08 18:24
VLAI
Summary
phpseclib guardrails needed on OID length
Details

Impact

Any application using that loads untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc).

Patches

https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59

Workarounds

No.

Resources

https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59 https://www.usenix.org/system/files/conference/usenixsecurity25/sec25cycle1-prepub-599-shi-bing.pdf

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.46"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "phpseclib/phpseclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.47"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.35"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "phpseclib/phpseclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.36"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.22"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "phpseclib/phpseclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.1.1"
            },
            {
              "fixed": "1.0.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-27355"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T18:24:30Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nAny application using that loads untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc).\n\n### Patches\nhttps://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59\n\n### Workarounds\nNo.\n\n### Resources\nhttps://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59\nhttps://www.usenix.org/system/files/conference/usenixsecurity25/sec25cycle1-prepub-599-shi-bing.pdf",
  "id": "GHSA-f2qx-66wf-wvvx",
  "modified": "2026-05-08T18:24:30Z",
  "published": "2026-05-08T18:24:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-f2qx-66wf-wvvx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27355"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/phpseclib/phpseclib"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "phpseclib guardrails needed on OID length"
}

GHSA-F2V5-7JQ9-H8CG

Vulnerability from github – Published: 2026-02-28 02:46 – Updated: 2026-02-28 02:46
VLAI
Summary
pypdf: Manipulated RunLengthDecode streams can exhaust RAM
Details

Impact

An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter.

Patches

This has been fixed in pypdf==6.7.4.

Workarounds

If you cannot upgrade yet, consider applying the changes from PR #3664.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pypdf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-28351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-28T02:46:10Z",
    "nvd_published_at": "2026-02-27T21:16:19Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter.\n\n### Patches\nThis has been fixed in [pypdf==6.7.4](https://github.com/py-pdf/pypdf/releases/tag/6.7.4).\n\n### Workarounds\nIf you cannot upgrade yet, consider applying the changes from PR [#3664](https://github.com/py-pdf/pypdf/pull/3664).",
  "id": "GHSA-f2v5-7jq9-h8cg",
  "modified": "2026-02-28T02:46:10Z",
  "published": "2026-02-28T02:46:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28351"
    },
    {
      "type": "WEB",
      "url": "https://github.com/py-pdf/pypdf/pull/3664"
    },
    {
      "type": "WEB",
      "url": "https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/py-pdf/pypdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/py-pdf/pypdf/releases/tag/6.7.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pypdf: Manipulated RunLengthDecode streams can exhaust RAM"
}

GHSA-F2WR-C4C4-XJG7

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2025-07-09 15:40
VLAI
Summary
Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack
Details

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/apache/trafficcontrol"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.4"
            },
            {
              "fixed": "1.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/apache/trafficcontrol"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0-RC0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/apache/trafficcontrol"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0-RC0"
            },
            {
              "fixed": "2.1.0-RC1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.1.0-RC0"
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/apache/trafficcontrol"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20170531185407-738c10fa1b58"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/apache/trafficcontrol"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            },
            {
              "fixed": "1.1.4-0.20170531185407-738c10fa1b58"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-7670"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T21:47:30Z",
    "nvd_published_at": "2017-07-10T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the `ESTABLISHED` state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the `ESTABLISHED` state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.",
  "id": "GHSA-f2wr-c4c4-xjg7",
  "modified": "2025-07-09T15:40:27Z",
  "published": "2022-05-13T01:09:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7670"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/trafficcontrol/pull/633"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/trafficcontrol/pull/634"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/trafficcontrol/commit/738c10fa1b5861e4cc3944dc7c3065d16f4a708c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/trafficcontrol"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0@%3Cusers.trafficcontrol.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c@%3Ccommits.trafficcontrol.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8@%3Ccommits.trafficcontrol.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack"
}

GHSA-F2X8-4JWF-GQRG

Vulnerability from github – Published: 2022-10-31 12:00 – Updated: 2025-05-06 21:30
VLAI
Details

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40617"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-31T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker\u0027s control) that doesn\u0027t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.",
  "id": "GHSA-f2x8-4jwf-gqrg",
  "modified": "2025-05-06T21:30:36Z",
  "published": "2022-10-31T12:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40617"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L"
    },
    {
      "type": "WEB",
      "url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html"
    },
    {
      "type": "WEB",
      "url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F346-8RP3-4H9H

Vulnerability from github – Published: 2026-03-27 15:42 – Updated: 2026-03-27 15:42
VLAI
Summary
TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
Details

Summary

A flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded. This could be exploited to cause uncontrolled database growth, leading to a potential denial of service (DoS).

Details

When submitting a Data Processing Agreement (DPA) request in TSPortal, the DPAAlreadyLive validation rule previously called User::findOrCreate().

This method created a user record if one did not already exist.

Although username validation (via MirahezeUsernameRule) correctly rejected invalid usernames, the DPAAlreadyLive rule was still executed during validation. Because it performed a state-changing operation, it created user records even when the overall validation failed and no DPA was created.

As a result: - Validation correctly rejected invalid input - However, user records were still inserted into the database as a side effect

These records were created: - Without a successful DPA request - Without audit logging tied to a completed action - Without visibility into their origin

Impact

An attacker could exploit this behavior by automating requests with invalid usernames, resulting in:

  • Mass creation of arbitrary user records
  • Unbounded database growth
  • Increased storage and indexing overhead
  • Potential degradation of application performance

At scale, this could lead to a denial of service condition due to resource exhaustion.

Proof of Concept

  1. Submit a DPA request using an invalid username
  2. Ensure the request fails validation due to MirahezeUsernameRule
  3. Observe that a corresponding user record is still created in the database

This behavior was confirmed prior to remediation.

Root Cause

The issue stemmed from: - Performing state-changing operations (findOrCreate) inside validation logic - Validation rules executing regardless of overall validation success - Lack of separation between validation and persistence layers

Mitigation

The issue has been fixed by removing database write operations from validation logic.

Specifically: - Replaced User::findOrCreate() with a non-mutating lookup (User::firstWhere(...)) - Ensured validation rules only perform read operations - Prevented user creation unless all validation passes

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 33"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "miraheze/ts-portal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "34"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-27T15:42:20Z",
    "nvd_published_at": "2026-03-26T21:17:05Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nA flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded. This could be exploited to cause uncontrolled database growth, leading to a potential denial of service (DoS).\n\n### Details\nWhen submitting a Data Processing Agreement (DPA) request in TSPortal, the `DPAAlreadyLive` validation rule previously called `User::findOrCreate()`.\n\nThis method created a user record if one did not already exist.\n\nAlthough username validation (via `MirahezeUsernameRule`) correctly rejected invalid usernames, the `DPAAlreadyLive` rule was still executed during validation. Because it performed a state-changing operation, it created user records even when the overall validation failed and no DPA was created.\n\nAs a result:\n- Validation correctly rejected invalid input\n- However, user records were still inserted into the database as a side effect\n\nThese records were created:\n- Without a successful DPA request\n- Without audit logging tied to a completed action\n- Without visibility into their origin\n\n### Impact\nAn attacker could exploit this behavior by automating requests with invalid usernames, resulting in:\n\n- Mass creation of arbitrary user records\n- Unbounded database growth\n- Increased storage and indexing overhead\n- Potential degradation of application performance\n\nAt scale, this could lead to a denial of service condition due to resource exhaustion.\n\n### Proof of Concept\n1. Submit a DPA request using an invalid username\n2. Ensure the request fails validation due to `MirahezeUsernameRule`\n3. Observe that a corresponding user record is still created in the database\n\nThis behavior was confirmed prior to remediation.\n\n### Root Cause\nThe issue stemmed from:\n- Performing state-changing operations (`findOrCreate`) inside validation logic\n- Validation rules executing regardless of overall validation success\n- Lack of separation between validation and persistence layers\n\n### Mitigation\nThe issue has been fixed by removing database write operations from validation logic.\n\nSpecifically:\n- Replaced `User::findOrCreate()` with a non-mutating lookup (`User::firstWhere(...)`)\n- Ensured validation rules only perform read operations\n- Prevented user creation unless all validation passes",
  "id": "GHSA-f346-8rp3-4h9h",
  "modified": "2026-03-27T15:42:20Z",
  "published": "2026-03-27T15:42:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/miraheze/TSPortal/security/advisories/GHSA-f346-8rp3-4h9h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33541"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/miraheze/TSPortal"
    },
    {
      "type": "WEB",
      "url": "https://issue-tracker.miraheze.org/T15115"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TSPortal\u0027s Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service"
}

GHSA-F353-MFHF-JFH7

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-07-03 18:42
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: megaraid_sas: Fix resource leak in case of probe failure

The driver doesn't clean up all the allocated resources properly when scsi_add_host(), megasas_start_aen() function fails during the PCI device probe.

Clean up all those resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47329"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix resource leak in case of probe failure\n\nThe driver doesn\u0027t clean up all the allocated resources properly when\nscsi_add_host(), megasas_start_aen() function fails during the PCI device\nprobe.\n\nClean up all those resources.",
  "id": "GHSA-f353-mfhf-jfh7",
  "modified": "2024-07-03T18:42:48Z",
  "published": "2024-05-21T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47329"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04b6b9ea80906e3b41ff120b45db31768947cf72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0680db6f41920b2c91c7df3cc9cd5968701a6f74"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c6226601c3e191a44a57d8f9f814b7e5c308959"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5438f48fdd8e1c3f130d32637511efd32038152"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e623f79691c5104317669ab36ec316a90c05062f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F37Q-Q7P2-CCFC

Vulnerability from github – Published: 2022-04-14 00:00 – Updated: 2022-04-26 13:05
VLAI
Summary
Resource exhaustion in Mattermost
Details

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server/v6"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-1337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-26T13:05:37Z",
    "nvd_published_at": "2022-04-13T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.",
  "id": "GHSA-f37q-q7p2-ccfc",
  "modified": "2022-04-26T13:05:37Z",
  "published": "2022-04-14T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1337"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mattermost/mattermost-server"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Resource exhaustion in Mattermost"
}

GHSA-F37R-2V2W-7R8W

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2025-04-20 03:32
VLAI
Details

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-14T06:59:00Z",
    "severity": "HIGH"
  },
  "details": "The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.",
  "id": "GHSA-f37r-2v2w-7r8w",
  "modified": "2025-04-20T03:32:50Z",
  "published": "2022-05-13T01:24:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5972"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2017-5972"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422081"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2017020112"
    },
    {
      "type": "WEB",
      "url": "https://githubengineering.com/syn-flood-mitigation-with-synsanity"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-5972"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41350"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2017/q1/573"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96231"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.