Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5433 vulnerabilities reference this CWE, most recent first.

GHSA-PPJG-V974-84CM

Vulnerability from github – Published: 2023-09-06 19:49 – Updated: 2023-11-08 17:39
VLAI
Summary
Go-Ethereum vulnerable to denial of service via malicious p2p message
Details

Impact

A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.

Details

The p2p handler spawned a new goroutine to respond to ping requests. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially crash due to OOM.

Patches

The fix is included in geth version 1.12.1-stable, i.e, 1.12.2-unstable and onwards.

Fixed by https://github.com/ethereum/go-ethereum/pull/27887

Workarounds

No known workarounds.

Credits

This bug was reported by Patrick McHardy and reported via bounty@ethereum.org.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ethereum/go-ethereum"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.1-stable"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-40591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-06T19:49:46Z",
    "nvd_published_at": "2023-09-06T19:15:44Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.\n\n### Details\n\nThe p2p handler spawned a new goroutine to respond to `ping` requests. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially crash due to OOM.\n\n### Patches\n\nThe fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. \n\nFixed by https://github.com/ethereum/go-ethereum/pull/27887\n\n### Workarounds\n\nNo known workarounds. \n\n### Credits\n\nThis bug was reported by Patrick McHardy and reported via [bounty@ethereum.org](mailto:bounty@ethereum.org). \n\n### References\n\n",
  "id": "GHSA-ppjg-v974-84cm",
  "modified": "2023-11-08T17:39:39Z",
  "published": "2023-09-06T19:49:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40591"
    },
    {
      "type": "WEB",
      "url": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ethereum/go-ethereum"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Go-Ethereum vulnerable to denial of service via malicious p2p message"
}

GHSA-PPM9-GJ8R-CCQM

Vulnerability from github – Published: 2025-01-14 03:31 – Updated: 2025-01-16 18:30
VLAI
Details

An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T01:15:14Z",
    "severity": "HIGH"
  },
  "details": "An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.",
  "id": "GHSA-ppm9-gj8r-ccqm",
  "modified": "2025-01-16T18:30:59Z",
  "published": "2025-01-14T03:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57655"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openlink/virtuoso-opensource/issues/1216"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PPW6-G989-268J

Vulnerability from github – Published: 2025-01-21 21:30 – Updated: 2025-11-03 21:32
VLAI
Details

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-21T21:15:18Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).  Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
  "id": "GHSA-ppw6-g989-268j",
  "modified": "2025-11-03T21:32:20Z",
  "published": "2025-01-21T21:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21529"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250131-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PPWR-3QV2-M3PP

Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48
VLAI
Details

LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-18T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.",
  "id": "GHSA-ppwr-3qv2-m3pp",
  "modified": "2022-05-13T01:48:43Z",
  "published": "2022-05-13T01:48:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10193"
    },
    {
      "type": "WEB",
      "url": "https://forums.lastpass.com/viewtopic.php?f=12\u0026t=286955"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/LastPassHelp/status/955478245650071552"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=wTcYWZwq3TE"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PPX8-QQ3Q-GFV8

Vulnerability from github – Published: 2022-05-14 01:28 – Updated: 2022-05-14 01:28
VLAI
Details

There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9587"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-06T08:29:00Z",
    "severity": "HIGH"
  },
  "details": "There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.",
  "id": "GHSA-ppx8-qq3q-gfv8",
  "modified": "2022-05-14T01:28:27Z",
  "published": "2022-05-14T01:28:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9587"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41263"
    },
    {
      "type": "WEB",
      "url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PPXX-5M9H-6VXF

Vulnerability from github – Published: 2024-01-10 15:08 – Updated: 2024-05-20 21:59
VLAI
Summary
quic-go's path validation mechanism can be exploited to cause denial of service
Details

An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate.

I published a more detailed description of the attack and its mitigation in this blog post: https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation/

There's no way to mitigate this attack, please update quic-go to a version that contains the fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/quic-go/quic-go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.40.0"
            },
            {
              "fixed": "0.40.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.40.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/quic-go/quic-go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.39.0"
            },
            {
              "fixed": "0.39.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/quic-go/quic-go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.38.0"
            },
            {
              "fixed": "0.38.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/quic-go/quic-go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.37.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-49295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-10T15:08:40Z",
    "nvd_published_at": "2024-01-10T22:15:50Z",
    "severity": "MODERATE"
  },
  "details": "An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer\u0027s RTT estimate.\n\nI published a more detailed description of the attack and its mitigation in this blog post: https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation/\n\nThere\u0027s no way to mitigate this attack, please update quic-go to a version that contains the fix.",
  "id": "GHSA-ppxx-5m9h-6vxf",
  "modified": "2024-05-20T21:59:16Z",
  "published": "2024-01-10T15:08:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49295"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/commit/17fc98c2d81dbe685c19702dc694a9d606ac56dc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541fdad965"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/commit/3a9c18bcd27a01c551ac9bf8bd2b4bded77c189a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/commit/554d543b50b917369fb1394cc5396d928166cf49"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/commit/6cc3d58935426191296171a6c0d1ee965e10534e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/commit/9aaefe19fc3dc8c8917cc87e6128bb56d9e9e6cc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/commit/a0ffa757499913f7be69aa78f573a6aee3430ae4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b1e5abb8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/quic-go/quic-go"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G5RSHDTVMYAIGYVVFGKTMFHAZJMA3EVV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE7IOKXX5AATU2WR3V76X5Y3A44QAATG"
    },
    {
      "type": "WEB",
      "url": "https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "quic-go\u0027s path validation mechanism can be exploited to cause denial of service"
}

GHSA-PQ5P-34CR-23V9

Vulnerability from github – Published: 2025-10-10 20:26 – Updated: 2025-11-03 18:31
VLAI
Summary
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
Details

Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service.

Impact

  • Attack vector: unauthenticated network attacker submits a malicious JWS/JWT.

  • Effect: base64 decode + JSON/crypto processing of huge buffers pegs CPU and allocates large amounts of RAM; a single request can exhaust service capacity.

  • Observed behaviour: on a test host, the legacy code verified a 500 MB header, consuming ~4 GB RSS and ~9 s CPU before failing.

  • Severity: High. CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5).

Affected Versions Authlib ≤ 1.6.3 (and earlier) when verifying JWS/JWT tokens. Later snapshots with 256 KB header/signature limits are not affected.

Proof of concept

Local demo (do not run against third-party systems): Download jws_segment_dos_demo.py the PoC in direcotry authlib/ Run following Command

python3 jws_segment_dos_demo.py --variant both --sizes "500MB" --fork-per-case

Environment: Python 3.13.6, Authlib 1.6.4, Linux x86_64, CPUs=8 Sample output: Refined image

The compilation script prints separate “[ATTACKER]” (token construction) and “[SERVER]” (Authlib verification) RSS deltas so defenders can distinguish client-side preparation from server-side amplification. Regression tests authlib/tests/dos/test_jose_dos.py further capture the issue; the saved original_util.py/original_jws.py reproductions still accept the malicious payload.

Remediation

  • Apply the upstream patch that introduces decoded size limits:

  • MAX_HEADER_SEGMENT_BYTES = 256 KB

  • MAX_SIGNATURE_SEGMENT_BYTES = 256 KB

  • Enforce Limits in authlib/jose/util.extract_segment and _extract_signature.

  • Deploy the patched release immediately.

  • For additional defence in depth, reject JWS/JWT inputs above a few kilobytes at the proxy or WAF layer, and rate-limit verification endpoints.

Workarounds (temporary)

  • Enforce input size limits before handing tokens to Authlib.

  • Use application-level throttling to reduce amplification risk.

Resources

  • Demo script: jws_segment_dos_demo.py

  • Tests: authlib/tests/dos/test_jose_dos.py

  • OWASP JWT Cheat Sheet (DoS guidance)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "authlib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-61920"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-10T20:26:43Z",
    "nvd_published_at": "2025-10-10T20:15:37Z",
    "severity": "HIGH"
  },
  "details": "**Summary**\nAuthlib\u2019s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url\u2011encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service.\n\n**Impact**\n\n- Attack vector: unauthenticated network attacker submits a malicious JWS/JWT.\n\n- Effect: base64 decode + JSON/crypto processing of huge buffers pegs CPU and allocates large amounts of RAM; a single request can exhaust service capacity.\n\n- Observed behaviour: on a test host, the legacy code verified a 500\u202fMB header, consuming ~4\u202fGB RSS and ~9\u202fs CPU before failing.\n\n- Severity: High. CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5).\n\nAffected Versions\nAuthlib \u2264\u202f1.6.3 (and earlier) when verifying JWS/JWT tokens. Later snapshots with 256\u202fKB header/signature limits are not affected.\n\n**Proof of concept**\n\nLocal demo (do not run against third-party systems):\nDownload [jws_segment_dos_demo.py](https://github.com/user-attachments/files/22450820/jws_segment_dos_demo.py) the PoC in direcotry authlib/\nRun following Command\n```\npython3 jws_segment_dos_demo.py --variant both --sizes \"500MB\" --fork-per-case\n\n```\nEnvironment: Python 3.13.6, Authlib 1.6.4, Linux x86_64, CPUs=8 \nSample output: Refined\n\u003cimg width=\"1295\" height=\"306\" alt=\"image\" src=\"https://github.com/user-attachments/assets/6dd8410f-bc36-4717-8cee-649bac9bf291\" /\u003e\n\n\n\n\nThe compilation script prints separate \u201c[ATTACKER]\u201d (token construction) and \u201c[SERVER]\u201d (Authlib verification) RSS deltas so defenders can distinguish client-side preparation from server-side amplification. Regression tests authlib/tests/dos/test_jose_dos.py further capture the issue; the saved original_util.py/original_jws.py reproductions still accept the malicious payload.\n\n**Remediation**\n\n- Apply the upstream patch that introduces decoded size limits:\n\n- MAX_HEADER_SEGMENT_BYTES = 256 KB\n\n- MAX_SIGNATURE_SEGMENT_BYTES = 256 KB\n\n- Enforce Limits in authlib/jose/util.extract_segment and _extract_signature.\n\n- Deploy the patched release immediately.\n\n- For additional defence in depth, reject JWS/JWT inputs above a few kilobytes at the proxy or WAF layer, and rate-limit verification endpoints.\n\n**Workarounds (temporary)**\n\n- Enforce input size limits before handing tokens to Authlib.\n\n- Use application-level throttling to reduce amplification risk.\n\n**Resources**\n\n- Demo script: jws_segment_dos_demo.py\n\n- Tests: authlib/tests/dos/test_jose_dos.py\n\n- OWASP JWT Cheat Sheet (DoS guidance)",
  "id": "GHSA-pq5p-34cr-23v9",
  "modified": "2025-11-03T18:31:46Z",
  "published": "2025-10-10T20:26:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920"
    },
    {
      "type": "WEB",
      "url": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/authlib/authlib"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Authlib is vulnerable to Denial of Service via Oversized JOSE Segments"
}

GHSA-PQ64-V7F5-GQH8

Vulnerability from github – Published: 2021-03-29 16:33 – Updated: 2024-10-14 16:10
VLAI
Summary
Pygments vulnerable to Regular Expression Denial of Service (ReDoS)
Details

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Pygments"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1"
            },
            {
              "fixed": "2.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-27291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-22T20:28:40Z",
    "nvd_published_at": "2021-03-17T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.",
  "id": "GHSA-pq64-v7f5-gqh8",
  "modified": "2024-10-14T16:10:54Z",
  "published": "2021-03-29T16:33:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27291"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pygments/pygments"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4878"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4889"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Pygments vulnerable to Regular Expression Denial of Service (ReDoS)"
}

GHSA-PQGF-8VRH-RR46

Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34
VLAI
Details

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26673"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T18:15:51Z",
    "severity": "HIGH"
  },
  "details": "Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.",
  "id": "GHSA-pqgf-8vrh-rr46",
  "modified": "2025-04-08T18:34:47Z",
  "published": "2025-04-08T18:34:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26673"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26673"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PQGJ-2P96-RX85

Vulnerability from github – Published: 2026-02-24 15:29 – Updated: 2026-02-24 15:29
VLAI
Summary
ImageMagick: Infinite loop vulnerability when parsing a PCD file
Details

When a PCD file does not contain a valid marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24485"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-24T15:29:12Z",
    "nvd_published_at": "2026-02-24T01:16:12Z",
    "severity": "HIGH"
  },
  "details": "When a PCD file does not contain a valid marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service.",
  "id": "GHSA-pqgj-2p96-rx85",
  "modified": "2026-02-24T15:29:12Z",
  "published": "2026-02-24T15:29:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24485"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ImageMagick/ImageMagick"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ImageMagick: Infinite loop vulnerability when parsing a PCD file"
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.