CWE-400
DiscouragedUncontrolled Resource Consumption
Abstraction: Class · Status: Draft
The product does not properly control the allocation and maintenance of a limited resource.
5412 vulnerabilities reference this CWE, most recent first.
GHSA-HPM9-74QX-6X32
Vulnerability from github – Published: 2026-04-21 21:31 – Updated: 2026-06-30 03:36Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
{
"affected": [],
"aliases": [
"CVE-2026-34282"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-21T21:16:32Z",
"severity": "HIGH"
},
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"id": "GHSA-hpm9-74qx-6x32",
"modified": "2026-06-30T03:36:21Z",
"published": "2026-04-21T21:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34282"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34282.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-34282"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9694"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9693"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9691"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9689"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9688"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9687"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9686"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9254"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22328"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11902"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11829"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11822"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11655"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11403"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPMR-G4PQ-JHGP
Vulnerability from github – Published: 2021-05-06 15:58 – Updated: 2021-04-23 18:47This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "chrono-node"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23371"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-13T21:50:04Z",
"nvd_published_at": "2021-04-12T13:15:00Z",
"severity": "HIGH"
},
"details": "This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces.",
"id": "GHSA-hpmr-g4pq-jhgp",
"modified": "2021-04-23T18:47:21Z",
"published": "2021-05-06T15:58:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23371"
},
{
"type": "WEB",
"url": "https://github.com/wanasit/chrono/issues/382"
},
{
"type": "WEB",
"url": "https://github.com/wanasit/chrono/commit/98815b57622443b5c498a427210ebd603d705f4c"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-CHRONONODE-1083228"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of service in chrono-node"
}
GHSA-HPP2-2CR5-PF6G
Vulnerability from github – Published: 2023-02-14 21:49 – Updated: 2023-02-14 21:49Impact
- The multipart body parser accepts an unlimited number of file parts.
- The multipart body parser accepts an unlimited number of field parts.
- The multipart body parser accepts an unlimited number of empty parts as field parts.
Patches
This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x).
Workarounds
There are no known workaround.
References
Reported at https://hackerone.com/reports/1816195.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@fastify/multipart"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@fastify/multipart"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-25576"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-14T21:49:55Z",
"nvd_published_at": "2023-02-14T16:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\n* The multipart body parser accepts an unlimited number of file parts.\n* The multipart body parser accepts an unlimited number of field parts.\n* The multipart body parser accepts an unlimited number of empty parts as field\nparts.\n\n\n### Patches\n\nThis is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x).\n\n### Workarounds\n\nThere are no known workaround. \n\n### References\n\nReported at https://hackerone.com/reports/1816195.",
"id": "GHSA-hpp2-2cr5-pf6g",
"modified": "2023-02-14T21:49:55Z",
"published": "2023-02-14T21:49:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fastify/fastify-multipart/security/advisories/GHSA-hpp2-2cr5-pf6g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25576"
},
{
"type": "WEB",
"url": "https://github.com/fastify/fastify-multipart/commit/85be81bedf5b29cfd9fe3efc30fb5a17173c1297"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1816195"
},
{
"type": "PACKAGE",
"url": "https://github.com/fastify/fastify-multipart"
},
{
"type": "WEB",
"url": "https://github.com/fastify/fastify-multipart/releases/tag/v6.0.1"
},
{
"type": "WEB",
"url": "https://github.com/fastify/fastify-multipart/releases/tag/v7.4.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of service due to unlimited number of parts"
}
GHSA-HPQ2-2FMQ-C95R
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.
{
"affected": [],
"aliases": [
"CVE-2018-6922"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-09T18:29:00Z",
"severity": "MODERATE"
},
"details": "One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system\u0027s network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.",
"id": "GHSA-hpq2-2fmq-c95r",
"modified": "2022-05-13T01:31:55Z",
"published": "2022-05-13T01:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6922"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180815-0002"
},
{
"type": "WEB",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105058"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041425"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-HPW7-XRJW-4CX3
Vulnerability from github – Published: 2022-03-26 00:00 – Updated: 2022-04-05 00:01In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps.
{
"affected": [],
"aliases": [
"CVE-2021-22100"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps.",
"id": "GHSA-hpw7-xrjw-4cx3",
"modified": "2022-04-05T00:01:02Z",
"published": "2022-03-26T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22100"
},
{
"type": "WEB",
"url": "https://www.cloudfoundry.org/blog/cve-2021-22100-cloud-controller-is-vulnerable-to-denial-of-service-due-to-misbehaving-service-brokers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-HQ37-853P-G5CF
Vulnerability from github – Published: 2021-01-06 16:57 – Updated: 2024-09-13 17:42Doyensec Vulnerability Advisory
- Regular Expression Denial of Service (REDoS) in cairosvg
- Affected Product: CairoSVG v2.0.0+
- Vendor: https://github.com/Kozea
- Severity: Medium
- Vulnerability Class: Denial of Service
- Author(s): Ben Caller (Doyensec)
Summary
When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time.
Technical description
The vulnerable regular expressions are
https://github.com/Kozea/CairoSVG/blob/9c4a982b9a021280ad90e89707eacc1d114e4ac4/cairosvg/colors.py#L190-L191
The section between 'rgb(' and the final ')' contains multiple overlapping groups.
Since all three infinitely repeating groups accept spaces, a long string of spaces causes catastrophic backtracking when it is not followed by a closing parenthesis.
The complexity is cubic, so doubling the length of the malicious string of spaces makes processing take 8 times as long.
Reproduction steps
Create a malicious SVG of the form:
<svg width="1" height="1"><rect fill="rgb( ;"/></svg>
with the following code:
'<svg width="1" height="1"><rect fill="rgb(' + (' ' * 3456) + ';"/></svg>'
Note that there is no closing parenthesis before the semi-colon.
Run cairosvg e.g.:
cairosvg cairo-redos.svg -o x.png
and notice that it hangs at 100% CPU. Increasing the number of spaces increases the processing time with cubic complexity.
Remediation
Fix the regexes to avoid overlapping parts. Perhaps remove the [ \n\r\t]* groups from the regex, and use .strip() on the returned capture group.
Disclosure timeline
- 2020-12-30: Vulnerability disclosed via email to CourtBouillon
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "CairoSVG"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21236"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-01-06T16:57:38Z",
"nvd_published_at": "2021-01-06T17:15:00Z",
"severity": "HIGH"
},
"details": "# Doyensec Vulnerability Advisory \n\n* Regular Expression Denial of Service (REDoS) in cairosvg\n* Affected Product: CairoSVG v2.0.0+\n* Vendor: https://github.com/Kozea\n* Severity: Medium\n* Vulnerability Class: Denial of Service\n* Author(s): Ben Caller ([Doyensec](https://doyensec.com))\n\n## Summary\n\nWhen processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS).\nIf an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time.\n\n## Technical description\n\nThe vulnerable regular expressions are\n\nhttps://github.com/Kozea/CairoSVG/blob/9c4a982b9a021280ad90e89707eacc1d114e4ac4/cairosvg/colors.py#L190-L191\n\nThe section between \u0027rgb(\u0027 and the final \u0027)\u0027 contains multiple overlapping groups.\n\nSince all three infinitely repeating groups accept spaces, a long string of spaces causes catastrophic backtracking when it is not followed by a closing parenthesis.\n\nThe complexity is cubic, so doubling the length of the malicious string of spaces makes processing take 8 times as long.\n\n## Reproduction steps\n\nCreate a malicious SVG of the form:\n\n \u003csvg width=\"1\" height=\"1\"\u003e\u003crect fill=\"rgb( ;\"/\u003e\u003c/svg\u003e\n\nwith the following code:\n\n \u0027\u003csvg width=\"1\" height=\"1\"\u003e\u003crect fill=\"rgb(\u0027 + (\u0027 \u0027 * 3456) + \u0027;\"/\u003e\u003c/svg\u003e\u0027\n\nNote that there is no closing parenthesis before the semi-colon.\n\nRun cairosvg e.g.:\n\n cairosvg cairo-redos.svg -o x.png\n\nand notice that it hangs at 100% CPU. Increasing the number of spaces increases the processing time with cubic complexity.\n\n## Remediation\n\nFix the regexes to avoid overlapping parts. Perhaps remove the [ \\n\\r\\t]* groups from the regex, and use .strip() on the returned capture group.\n\n## Disclosure timeline\n\n- 2020-12-30: Vulnerability disclosed via email to CourtBouillon",
"id": "GHSA-hq37-853p-g5cf",
"modified": "2024-09-13T17:42:15Z",
"published": "2021-01-06T16:57:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21236"
},
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/commit/cfc9175e590531d90384aa88845052de53d94bf3"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kozea/CairoSVG"
},
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/releases/tag/2.5.1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cairosvg/PYSEC-2021-5.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/CairoSVG"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Regular Expression Denial of Service in CairoSVG"
}
GHSA-HQ75-PVPQ-98XX
Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.
{
"affected": [],
"aliases": [
"CVE-2022-28773"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-674",
"CWE-789"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-12T17:15:00Z",
"severity": "HIGH"
},
"details": "Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.",
"id": "GHSA-hq75-pvpq-98xx",
"modified": "2022-04-21T00:00:52Z",
"published": "2022-04-13T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28773"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3111293"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQHP-5P83-HX96
Vulnerability from github – Published: 2021-09-20 20:44 – Updated: 2022-08-10 23:38Prism is a syntax highlighting library. The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "prismjs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.25.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3801"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-16T18:29:46Z",
"nvd_published_at": "2021-09-15T13:15:00Z",
"severity": "MODERATE"
},
"details": "Prism is a syntax highlighting library. The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU.",
"id": "GHSA-hqhp-5p83-hx96",
"modified": "2022-08-10T23:38:25Z",
"published": "2021-09-20T20:44:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3801"
},
{
"type": "WEB",
"url": "https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9"
},
{
"type": "PACKAGE",
"url": "https://github.com/prismjs/prism"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "prismjs Regular Expression Denial of Service vulnerability"
}
GHSA-HQQ8-HR2R-232X
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.
{
"affected": [],
"aliases": [
"CVE-2019-4046"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-25T19:29:00Z",
"severity": "HIGH"
},
"details": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.",
"id": "GHSA-hqq8-hr2r-232x",
"modified": "2022-05-13T01:31:13Z",
"published": "2022-05-13T01:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4046"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156242"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869570"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107623"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQQH-CQXQ-WQR6
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-06-29 00:00Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
{
"affected": [],
"aliases": [
"CVE-2020-20213"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-07T14:15:00Z",
"severity": "MODERATE"
},
"details": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.",
"id": "GHSA-hqqh-cqxq-wqr6",
"modified": "2022-06-29T00:00:30Z",
"published": "2022-05-24T19:07:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20213"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"type": "WEB",
"url": "https://mikrotik.com"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation
Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.