Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5428 vulnerabilities reference this CWE, most recent first.

GHSA-P632-FVPJ-4VWP

Vulnerability from github – Published: 2024-01-03 06:30 – Updated: 2024-01-10 21:31
VLAI
Details

An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-03T06:15:47Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.",
  "id": "GHSA-p632-fvpj-4vwp",
  "modified": "2024-01-10T21:31:06Z",
  "published": "2024-01-03T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42358"
    },
    {
      "type": "WEB",
      "url": "https://jira.o-ran-sc.org/browse/RIC-1009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P635-F626-PV4P

Vulnerability from github – Published: 2026-04-08 18:34 – Updated: 2026-04-08 18:34
VLAI
Details

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-33459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T18:26:00Z",
    "severity": "MODERATE"
  },
  "details": "Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users.",
  "id": "GHSA-p635-f626-pv4p",
  "modified": "2026-04-08T18:34:08Z",
  "published": "2026-04-08T18:34:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33459"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/kibana-8-19-14-9-2-8-9-3-3-security-update-esa-2026-26/385814"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P658-8693-MHVG

Vulnerability from github – Published: 2022-10-07 07:23 – Updated: 2024-05-31 16:54
VLAI
Summary
Tendermint Core vulnerable to Uncontrolled Resource Consumption
Details

Description

Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last commit from this specific block.)

In Tendermint Core v0.34.0-v0.34.2, the consensus reactor is responsible for forming DuplicateVoteEvidence whenever double signs are observed. However, the current block is still “in flight” when it is being formed by the consensus reactor. It hasn’t been finalized through network consensus yet. This means that different nodes in the network may observe different “last commits” when assigning a timestamp to DuplicateVoteEvidence.

In turn, different nodes could form DuplicateVoteEvidence objects at the same height but with different timestamps. One DuplicateVoteEvidence object (with one timestamp) will then eventually get finalized in the block, but this means that any DuplicateVoteEvidence with a different timestamp is considered invalid. Any node that formed invalid DuplicateVoteEvidence will continue to propose invalid evidence; its peers may see this, and choose to disconnect from this node. This bug means that double signs are DoS vectors in Tendermint Core v0.34.0-v0.34.2.

Tendermint Core v0.34.3 is a security release which fixes this bug. As of v0.34.3, DuplicateVoteEvidence is no longer formed by the consensus reactor; rather, the consensus reactor passes the Votes themselves into the EvidencePool, which is now responsible for forming DuplicateVoteEvidence. The EvidencePool has timestamp info that should be consistent across the network, which means that DuplicateVoteEvidence formed in this reactor should have consistent timestamps.

This release changes the API between the consensus and evidence reactors.

Impact

This is a denial-of-service vector which impacts networks running Tendermint Core v0.34.0 - v0.34.2.

Remediation

This problem has been patched in Tendermint Core v0.34.3. Networks running impacted versions of Tendermint Core should update immediately.

Workarounds

There are no workarounds, other than upgrading to a patched version of Tendermint Core.

Credits

  • Crypto.com (@cyril-crypto, @brianatcrypto, @tomtau and @yihuang) for finding and submitting this vulnerability
  • @melekes and @cmwaters for identifying the root cause and patching the problem

For more information

If you have any questions or comments about this advisory: * Open an issue in tendermint/tendermint * Email us at security@tendermint.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/tendermint/tendermint"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.34.0"
            },
            {
              "fixed": "0.34.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21271"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-07T07:23:51Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Description \n\nTendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, [we added a new `Timestamp` field to `Evidence` structs](https://github.com/tendermint/tendermint/pull/5219). This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last commit from this specific block.) \n\nIn Tendermint Core v0.34.0-v0.34.2, the `consensus` reactor is responsible for forming `DuplicateVoteEvidence` whenever double signs are observed. However, the current block is still \u201cin flight\u201d when it is being formed by the `consensus` reactor. It hasn\u2019t been finalized through network consensus yet. This means that different nodes in the network may observe different \u201clast commits\u201d when assigning a timestamp to `DuplicateVoteEvidence.`\n\nIn turn, different nodes could form `DuplicateVoteEvidence` objects at the same height but with different timestamps. One `DuplicateVoteEvidence` object (with one timestamp) will then eventually get finalized in the block, but this means that any `DuplicateVoteEvidence` with a different timestamp is considered invalid. Any node that formed invalid `DuplicateVoteEvidence` will continue to propose invalid evidence; its peers may see this, and choose to disconnect from this node. This bug means that double signs are DoS vectors in Tendermint Core v0.34.0-v0.34.2. \n\nTendermint Core v0.34.3 is a security release which fixes this bug. As of v0.34.3, `DuplicateVoteEvidence` is no longer formed by the `consensus` reactor; rather, the `consensus` reactor passes the `Vote`s themselves into the `EvidencePool`, which is now responsible for forming `DuplicateVoteEvidence`. The `EvidencePool` has timestamp info that should be consistent across the network, which means that `DuplicateVoteEvidence` formed in this reactor should have consistent timestamps. \n\nThis release changes the API between the `consensus` and `evidence` reactors. \n\n### Impact\n\nThis is a denial-of-service vector which impacts networks running Tendermint Core v0.34.0 - v0.34.2.\n\n### Remediation\n\nThis problem has been patched in Tendermint Core v0.34.3. Networks running impacted versions of Tendermint Core should update immediately.\n\n### Workarounds\n\nThere are no workarounds, other than upgrading to a patched version of Tendermint Core.\n\n### Credits \n\n* Crypto.com (@cyril-crypto, @brianatcrypto, @tomtau and  @yihuang) for finding and submitting this vulnerability\n* @melekes and @cmwaters for identifying the root cause and patching the problem \n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [tendermint/tendermint](https://github.com/tendermint/tendermint)\n* Email us at [security@tendermint.com](mailto:security@tendermint.com)",
  "id": "GHSA-p658-8693-mhvg",
  "modified": "2024-05-31T16:54:40Z",
  "published": "2022-10-07T07:23:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tendermint/tendermint/security/advisories/GHSA-p658-8693-mhvg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21271"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tendermint/tendermint/pull/5219"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tendermint/tendermint/commit/a2a6852ab99e4a0f9e79f0ea8c1726e262e25c76"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tendermint/tendermint"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tendermint/tendermint/blob/v0.34.3/CHANGELOG.md#v0.34.3"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-1052"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Tendermint Core vulnerable to Uncontrolled Resource Consumption"
}

GHSA-P674-X937-FJ22

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37
VLAI
Details

A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due to a processing error with TCP connections to the affected device. An attacker could exploit this vulnerability by establishing a large number of TCP connections to an affected device and not actively closing those TCP connections. A successful exploit could allow the attacker to prevent the affected device from delivering SDV or VoD streams to set-top boxes. Cisco Bug IDs: CSCvf19887.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12318"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-16T07:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due to a processing error with TCP connections to the affected device. An attacker could exploit this vulnerability by establishing a large number of TCP connections to an affected device and not actively closing those TCP connections. A successful exploit could allow the attacker to prevent the affected device from delivering SDV or VoD streams to set-top boxes. Cisco Bug IDs: CSCvf19887.",
  "id": "GHSA-p674-x937-fj22",
  "modified": "2022-05-13T01:37:53Z",
  "published": "2022-05-13T01:37:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12318"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-rf-gateway-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101854"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P68V-FRGX-4RJP

Vulnerability from github – Published: 2020-10-19 21:34 – Updated: 2020-10-19 21:34
VLAI
Summary
Denial of Service via Cache Flooding
Details

Impact

Denial of Service via Cache Flooding

Patches

We recommend to update to the current version 6.3.2.1. You can get the update to 6.3.2.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1 and 6.2 the corresponding changes are also available via plugin:

https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

For more information

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-10-2020

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.3.2.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/platform"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.3.2.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-10-19T21:34:01Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\n Denial of Service via Cache Flooding\n\n### Patches\nWe recommend to update to the current version 6.3.2.1. You can get the update to 6.3.2.1 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\nFor older versions of 6.1 and 6.2 the corresponding changes are also available via plugin:\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659\n\n### For more information\nhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-10-2020",
  "id": "GHSA-p68v-frgx-4rjp",
  "modified": "2020-10-19T21:34:01Z",
  "published": "2020-10-19T21:34:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/shopware/platform/security/advisories/GHSA-p68v-frgx-4rjp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Denial of Service via Cache Flooding"
}

GHSA-P68X-Q9G7-4CGG

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28
VLAI
Details

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9253"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-19T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.",
  "id": "GHSA-p68x-q9g7-4cgg",
  "modified": "2022-05-13T01:28:18Z",
  "published": "2022-05-13T01:28:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9253"
    },
    {
      "type": "WEB",
      "url": "https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=70185"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=75968"
    },
    {
      "type": "WEB",
      "url": "https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3766-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4279-1"
    },
    {
      "type": "WEB",
      "url": "https://www.futureweb.at/security/CVE-2015-9253"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P696-W4F9-FQC3

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-5056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-01-08T00:55:00Z",
    "severity": "LOW"
  },
  "details": "The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024.",
  "id": "GHSA-p696-w4f9-fqc3",
  "modified": "2022-05-13T01:23:30Z",
  "published": "2022-05-13T01:23:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5056"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72258"
    },
    {
      "type": "WEB",
      "url": "http://samiam.org/blog/20111229.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026820"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P697-P3X9-JRVR

Vulnerability from github – Published: 2022-05-14 04:03 – Updated: 2022-05-14 04:03
VLAI
Details

Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-13T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.",
  "id": "GHSA-p697-p3x9-jrvr",
  "modified": "2022-05-14T04:03:22Z",
  "published": "2022-05-14T04:03:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15529"
    },
    {
      "type": "WEB",
      "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171213_00"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102119"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P6FG-723F-HGPW

Vulnerability from github – Published: 2022-12-28 03:30 – Updated: 2023-01-10 15:58
VLAI
Summary
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
Details

Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/shiyanhui/dht"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.0-20201219151056-5a20f3199263"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-36562"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-617"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T19:48:43Z",
    "nvd_published_at": "2022-12-28T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector.",
  "id": "GHSA-p6fg-723f-hgpw",
  "modified": "2023-01-10T15:58:24Z",
  "published": "2022-12-28T03:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36562"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shiyanhui/dht/issues/57"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/shiyanhui/dht"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2020-0040"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "shiyanhui/dht vulnerable to Uncontrolled Resource Consumption"
}

GHSA-P6HW-8JFC-QQ89

Vulnerability from github – Published: 2024-02-17 03:30 – Updated: 2025-11-04 21:31
VLAI
Details

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-17T02:15:51Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.35 and prior and  8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
  "id": "GHSA-p6hw-8jfc-qq89",
  "modified": "2025-11-04T21:31:10Z",
  "published": "2024-02-17T03:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20978"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240201-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2024.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.