Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5412 vulnerabilities reference this CWE, most recent first.

GHSA-J5QH-CP3P-2H87

Vulnerability from github – Published: 2022-05-17 04:44 – Updated: 2025-04-13 23:08
VLAI
Summary
Ignite Realtime Openfire vulnerable to XMPPbomb attack
Details

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.igniterealtime.openfire:parent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-2741"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-16T23:27:55Z",
    "nvd_published_at": "2014-04-11T01:55:00Z",
    "severity": "HIGH"
  },
  "details": "nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack.",
  "id": "GHSA-j5qh-cp3p-2h87",
  "modified": "2025-04-13T23:08:09Z",
  "published": "2022-05-17T04:44:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2741"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igniterealtime/Openfire/commit/3aec383e07ee893b77396fe946766bbd3758af77"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/igniterealtime/Openfire"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140407092132/http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140705161237/http://fisheye.igniterealtime.org/changelog/openfiregit?cs=3aec383e07ee893b77396fe946766bbd3758af77"
    },
    {
      "type": "WEB",
      "url": "http://community.igniterealtime.org/thread/52317"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2014/04/07/7"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2014/04/09/1"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/495476"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Ignite Realtime Openfire vulnerable to XMPPbomb attack"
}

GHSA-J5QJ-RG5J-J7C2

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-22 00:33
VLAI
Summary
Aim Uncontrolled Resource Consumption vulnerability
Details

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "aim"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.25.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-0189"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-22T00:33:44Z",
    "nvd_published_at": "2025-03-20T10:15:51Z",
    "severity": "HIGH"
  },
  "details": "In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.",
  "id": "GHSA-j5qj-rg5j-j7c2",
  "modified": "2025-03-22T00:33:44Z",
  "published": "2025-03-20T12:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0189"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aimhubio/aim"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/e4c9bf41-72cf-4d04-baaf-8f12b5b7926e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Aim Uncontrolled Resource Consumption vulnerability"
}

GHSA-J5VH-M963-H26R

Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31
VLAI
Details

Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T19:15:19Z",
    "severity": "MODERATE"
  },
  "details": "Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.",
  "id": "GHSA-j5vh-m963-h26r",
  "modified": "2023-11-14T21:31:01Z",
  "published": "2023-11-14T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25949"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5XP-7M2F-49JV

Vulnerability from github – Published: 2026-06-03 21:15 – Updated: 2026-06-03 21:15
VLAI
Summary
Docling Core: Insufficient validation of image reference URIs
Details

Impact

In versions >= 2.5.0, < 2.74.1, docling-core could allow local file:// image references and accepted inline data: content without a decoded-size limit.

In applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads.

Patches

Patched in docling-core 2.74.1. The fix blocks local file URIs by default and adds a size limit for decoded inline image data.

Users should upgrade to: - docling-core >= 2.74.1

Workarounds

If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "docling-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.74.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-73"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-03T21:15:31Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nIn versions `\u003e= 2.5.0, \u003c 2.74.1`, `docling-core`  could allow local `file://` image references and accepted inline `data:` content without a decoded-size limit.\n\nIn applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads.\n\n### Patches\nPatched in `docling-core` `2.74.1`.\nThe fix blocks local file URIs by default and adds a size limit for decoded inline image data.\n\nUsers should upgrade to:\n- `docling-core` `\u003e= 2.74.1`\n\n### Workarounds\nIf upgrading is not immediately possible:\n- reject `file:` and `data:` image references from untrusted input\n- allow only approved local or remote image sources\n- apply input size and memory limits to processing workers\n\n### References\n- Fix release: [`v2.74.1`](https://github.com/docling-project/docling-core/releases/tag/v2.74.1)",
  "id": "GHSA-j5xp-7m2f-49jv",
  "modified": "2026-06-03T21:15:31Z",
  "published": "2026-06-03T21:15:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/docling-project/docling-core/security/advisories/GHSA-j5xp-7m2f-49jv"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/docling-project/docling-core"
    },
    {
      "type": "WEB",
      "url": "https://github.com/docling-project/docling-core/releases/tag/v2.74.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Docling Core: Insufficient validation of image reference URIs"
}

GHSA-J5XW-GH42-G53C

Vulnerability from github – Published: 2023-10-13 00:30 – Updated: 2024-04-04 08:36
VLAI
Details

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS).

An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover.

This issue affects interfaces with PPPoE configured and tcp-mss enabled.

This issue affects Juniper Networks Junos OS

  • All versions prior to 20.4R3-S7;
  • 21.1 version 21.1R1 and later versions;
  • 21.2 versions prior to 21.2R3-S6;
  • 21.3 versions prior to 21.3R3-S5;
  • 21.4 versions prior to 21.4R3-S3;
  • 22.1 versions prior to 22.1R3-S4;
  • 22.2 versions prior to 22.2R3;
  • 22.3 versions prior to 22.3R2-S2;
  • 22.4 versions prior to 22.4R2;
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36841"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-12T23:15:10Z",
    "severity": "HIGH"
  },
  "details": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS).\n\nAn attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover.\n\nThis issue affects interfaces with PPPoE configured and tcp-mss enabled.\n\nThis issue affects Juniper Networks Junos OS\n\n\n\n  *  All versions prior to 20.4R3-S7;\n  *  21.1 version 21.1R1 and later versions;\n  *  21.2 versions prior to 21.2R3-S6;\n  *  21.3 versions prior to 21.3R3-S5;\n  *  21.4 versions prior to 21.4R3-S3;\n  *  22.1 versions prior to 22.1R3-S4;\n  *  22.2 versions prior to 22.2R3;\n  *  22.3 versions prior to 22.3R2-S2;\n  *  22.4 versions prior to 22.4R2;\n\n\n\n\n\n\n",
  "id": "GHSA-j5xw-gh42-g53c",
  "modified": "2024-04-04T08:36:25Z",
  "published": "2023-10-13T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36841"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA73172"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J62C-4X62-9R35

Vulnerability from github – Published: 2026-01-15 18:09 – Updated: 2026-01-15 22:33
VLAI
Summary
SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering
Details

Summary

Versions of SvelteKit are vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions.

Details

Affected versions from 2.44.0 onwards are vulnerable to DoS if:

  • your app has at least one prerendered route (export const prerender = true)

Affected versions from 2.19.0 onwards are vulnerable to DoS and SSRF if:

  • your app has at least one prerendered route (export const prerender = true)
  • AND you are using adapter-node without a configured ORIGIN environment variable, and you are not using a reverse proxy that implements Host header validation

Impact

The DoS causes the running server process to end.

The SSRF allows access to internal services that can be reached without authentication when fetched from SvelteKit's server runtime.

It is also possible to obtain an SXSS via cache poisoning, by forcing a potential CDN to cache an XSS returned by the attacker's server (the latter being able to specify the cache-control of their choice).

Credits

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.49.4"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@sveltejs/kit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.19.0"
            },
            {
              "fixed": "2.49.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.5.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@sveltejs/adapter-node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.4.1"
            },
            {
              "fixed": "5.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-67647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-400",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-15T18:09:59Z",
    "nvd_published_at": "2026-01-15T19:16:03Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nVersions of SvelteKit are vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions.\n\n### Details\n\nAffected versions from 2.44.0 onwards are vulnerable to DoS if:\n\n- your app has at least one prerendered route (`export const prerender = true`)\n\nAffected versions from 2.19.0 onwards are vulnerable to DoS and SSRF if:\n\n- your app has at least one prerendered route (`export const prerender = true`)\n- AND you are using `adapter-node` without a configured `ORIGIN` environment variable, and you are not using a reverse proxy that implements Host header validation\n\n### Impact\n\nThe DoS causes the running server process to end.\n\nThe SSRF allows access to internal services that can be reached without authentication when fetched from SvelteKit\u0027s server runtime.\n\nIt is also possible to obtain an SXSS via cache poisoning, by forcing a potential CDN to cache an XSS returned by the attacker\u0027s server (the latter being able to specify the cache-control of their choice).\n\n### Credits\n- Allam Rachid ([zhero;](https://zhero-web-sec.github.io/research-and-things/))\n- Allam Yasser (inzo)\n- d-xuan ([wednesday](https://d-xuan.github.io/wednesday/))",
  "id": "GHSA-j62c-4x62-9r35",
  "modified": "2026-01-15T22:33:31Z",
  "published": "2026-01-15T18:09:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/security/advisories/GHSA-j62c-4x62-9r35"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67647"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/commit/d9ae9b00b14f5574d109f3fd548f960594346226"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sveltejs/kit"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fadapter-node%405.5.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.49.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering"
}

GHSA-J62M-WF76-CQ9Q

Vulnerability from github – Published: 2022-05-14 03:04 – Updated: 2022-05-14 03:04
VLAI
Details

In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-13251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-05T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.",
  "id": "GHSA-j62m-wf76-cq9q",
  "modified": "2022-05-14T03:04:28Z",
  "published": "2022-05-14T03:04:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13251"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libming/libming/issues/149"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J6J7-QHW9-6J2G

Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2024-04-03 23:52
VLAI
Details

PyXML: Hash table collisions CPU usage Denial of Service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-0877"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-22T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "PyXML: Hash table collisions CPU usage Denial of Service",
  "id": "GHSA-j6j7-qhw9-6j2g",
  "modified": "2024-04-03T23:52:04Z",
  "published": "2022-04-23T00:40:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0877"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2012-0877"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2012-0877"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2014/q3/96"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/07/08/11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J6V9-29XF-J8Q4

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2024-04-04 02:51
VLAI
Details

A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-03T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition.",
  "id": "GHSA-j6v9-29xf-j8q4",
  "modified": "2024-04-04T02:51:32Z",
  "published": "2022-05-24T17:19:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3203"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-dos-TkuPVmZN"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J6X9-FQFR-79Q4

Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2025-11-03 21:30
VLAI
Details

In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37050"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-22T19:16:23Z",
    "severity": "MODERATE"
  },
  "details": "In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.",
  "id": "GHSA-j6x9-fqfr-79q4",
  "modified": "2025-11-03T21:30:53Z",
  "published": "2023-08-22T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37050"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.