CWE-400
DiscouragedUncontrolled Resource Consumption
Abstraction: Class · Status: Draft
The product does not properly control the allocation and maintenance of a limited resource.
5435 vulnerabilities reference this CWE, most recent first.
GHSA-Q5QX-CVHV-QFQ2
Vulnerability from github – Published: 2023-07-18 18:30 – Updated: 2024-04-04 06:13The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack.
{
"affected": [],
"aliases": [
"CVE-2023-2263"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-18T16:15:11Z",
"severity": "HIGH"
},
"details": "\nThe Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. \u00a0The new ENIP connections cannot be established if impacted by this vulnerability, \u00a0which prohibits operational capabilities of the device resulting in a denial-of-service attack.\n\n\n",
"id": "GHSA-q5qx-cvhv-qfq2",
"modified": "2024-04-04T06:13:52Z",
"published": "2023-07-18T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2263"
},
{
"type": "WEB",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140029"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q5R6-9QWQ-G2WJ
Vulnerability from github – Published: 2025-10-09 22:15 – Updated: 2025-10-09 22:15Summary
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Impact
An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. This invalid input triggered an error condition in the parser that was handled improperly, resulting in an infinite loop.
Impacted versions:
<1.3.2
Patches
This issue has been addressed in Amazon.IonDotnet version 1.3.2. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
Workarounds
Only accept data from trusted sources, written using a supported Ion library.
References
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Amazon.IonDotnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-11573"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-09T22:15:57Z",
"nvd_published_at": "2025-10-09T18:15:49Z",
"severity": "HIGH"
},
"details": "### Summary\nAmazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will not receive further updates.\n\n### Impact\nAn infinite loop issue in Amazon.IonDotnet library versions \u003cv1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. This invalid input triggered an error condition in the parser that was handled improperly, resulting in an infinite loop.\n\n### Impacted versions:\n\u003c1.3.2\n\n### Patches\nThis issue has been addressed in Amazon.IonDotnet version [1.3.2](https://www.nuget.org/packages/Amazon.IonDotnet/1.3.2). We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.\n\n### Workarounds\nOnly accept data from trusted sources, written using a supported Ion library.\n\n### References\nIf you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.",
"id": "GHSA-q5r6-9qwq-g2wj",
"modified": "2025-10-09T22:15:57Z",
"published": "2025-10-09T22:15:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-q5r6-9qwq-g2wj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11573"
},
{
"type": "WEB",
"url": "https://github.com/amazon-ion/ion-dotnet/pull/160"
},
{
"type": "WEB",
"url": "https://github.com/amazon-ion/ion-dotnet/commit/edaff75fe5abbb71e647bed812c608c0c5e2fbab"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-022"
},
{
"type": "PACKAGE",
"url": "https://github.com/amazon-ion/ion-dotnet"
},
{
"type": "WEB",
"url": "https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Amazon.IonDotnet is vulnerable to Denial of Service attacks"
}
GHSA-Q5V7-7R3X-M7HG
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable to legitimate users.
{
"affected": [],
"aliases": [
"CVE-2024-12063"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-20T10:15:26Z",
"severity": "HIGH"
},
"details": "A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable to legitimate users.",
"id": "GHSA-q5v7-7r3x-m7hg",
"modified": "2025-03-20T12:32:42Z",
"published": "2025-03-20T12:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12063"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/7db0091f-cb53-4cde-aad7-7ce491dfd8d9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q632-7V8J-586G
Vulnerability from github – Published: 2024-08-19 06:30 – Updated: 2024-08-28 15:31ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue.
{
"affected": [],
"aliases": [
"CVE-2024-44083"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-19T04:15:04Z",
"severity": "CRITICAL"
},
"details": "ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue.",
"id": "GHSA-q632-7v8j-586g",
"modified": "2024-08-28T15:31:13Z",
"published": "2024-08-19T06:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44083"
},
{
"type": "WEB",
"url": "https://github.com/Azvanzed/CVE-2024-44083"
},
{
"type": "WEB",
"url": "https://github.com/Azvanzed/IdaMeme"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q652-P9GF-VFQ3
Vulnerability from github – Published: 2023-06-08 03:30 – Updated: 2025-06-09 15:31D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
{
"affected": [],
"aliases": [
"CVE-2023-34969"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-404"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-08T03:15:08Z",
"severity": "MODERATE"
},
"details": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.",
"id": "GHSA-q652-p9gf-vfq3",
"modified": "2025-06-09T15:31:35Z",
"published": "2023-06-08T03:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34969"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231208-0007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q663-QWPJ-9W6Q
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount of translation requests to a destination host on any given TCP port regardless of whether a web service is running on the destination port.
{
"affected": [],
"aliases": [
"CVE-2020-29540"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-08T13:15:00Z",
"severity": "HIGH"
},
"details": "API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount of translation requests to a destination host on any given TCP port regardless of whether a web service is running on the destination port.",
"id": "GHSA-q663-qwpj-9w6q",
"modified": "2022-05-24T17:35:44Z",
"published": "2022-05-24T17:35:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29540"
},
{
"type": "WEB",
"url": "https://grave-rose.medium.com/two-systran-vulnerabilities-and-their-exploits-8bc83ba29e14"
},
{
"type": "WEB",
"url": "https://www.systransoft.com/translation-products/systran-pure-neural-server"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q674-XM3X-2926
Vulnerability from github – Published: 2022-01-06 21:37 – Updated: 2022-01-07 16:08The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-link-header"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23490"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-05T20:18:47Z",
"nvd_published_at": "2021-12-24T20:15:00Z",
"severity": "HIGH"
},
"details": "The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.",
"id": "GHSA-q674-xm3x-2926",
"modified": "2022-01-07T16:08:29Z",
"published": "2022-01-06T21:37:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23490"
},
{
"type": "WEB",
"url": "https://github.com/thlorenz/parse-link-header/commit/72f05c717b3f129c5331a07bf300ed8886eb8ae1"
},
{
"type": "PACKAGE",
"url": "https://github.com/thlorenz/parse-link-header"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2321973"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-PARSELINKHEADER-1582783"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Uncontrolled Resource Consumption in parse-link-header"
}
GHSA-Q6CP-QFWQ-4GCV
Vulnerability from github – Published: 2024-04-05 15:05 – Updated: 2024-04-05 15:05An attacker can send a flood of CONTINUATION frames, causing h2 to process them indefinitely. This results in an increase in CPU usage.
Tokio task budget helps prevent this from a complete denial-of-service, as the server can still respond to legitimate requests, albeit with increased latency.
More details at https://seanmonstar.com/blog/hyper-http2-continuation-flood/.
Patches available for 0.4.x and 0.3.x versions.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "h2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "h2"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-05T15:05:32Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "An attacker can send a flood of CONTINUATION frames, causing `h2` to process them indefinitely. This results in an increase in CPU usage.\n\nTokio task budget helps prevent this from a complete denial-of-service, as the server can still respond to legitimate requests, albeit with increased latency.\n\nMore details at https://seanmonstar.com/blog/hyper-http2-continuation-flood/.\n\nPatches available for 0.4.x and 0.3.x versions.\n",
"id": "GHSA-q6cp-qfwq-4gcv",
"modified": "2024-04-05T15:05:32Z",
"published": "2024-04-05T15:05:32Z",
"references": [
{
"type": "PACKAGE",
"url": "https://github.com/hyperium/h2"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0332.html"
},
{
"type": "WEB",
"url": "https://seanmonstar.com/blog/hyper-http2-continuation-flood"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "h2 servers vulnerable to degradation of service with CONTINUATION Flood"
}
GHSA-Q6HX-3M4P-749H
Vulnerability from github – Published: 2023-12-11 20:29 – Updated: 2023-12-11 20:29Summary
nuxt-api-party allows developers to proxy requests to an API without exposing credentials to the client. ofetch is used to send the requests.
The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow.
Details
fetchOptions are obtained directly from the request body. These are then passed directly into ofetch
.
We can construct a URL we know will not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively.
PoC
POC using Node.
await fetch("http://localhost:3000/api/__api_party/MyEndpoint", {
method: "POST",
body: JSON.stringify({ path: "x:x", retry: 9999999 }),
headers: { "Content-Type": "application/json" }
})
We can use __proto__ as a substitute for the endpoint if it is not known.
await fetch("http://localhost:3000/api/__api_party/__proto__", {
method: "POST",
body: JSON.stringify({ path: "x:x", retry: 9999999 }),
headers: { "Content-Type": "application/json" }
})
We can build the size of the stack faster by using more complicated URIs
await fetch("http://localhost:3000/api/__api_party/__proto__", {
method: "POST",
body: JSON.stringify({ path: "data:x;base64,----", retry: 9999999 }),
headers: { "Content-Type": "application/json" }
})
Impact
Full DOS, server is unusable during attack. Requires a single request.
Fix
Limit which options can be passed to ofetch.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nuxt-api-party"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.22.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-49800"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-11T20:29:10Z",
"nvd_published_at": "2023-12-09T00:15:07Z",
"severity": "HIGH"
},
"details": "### Summary\n`nuxt-api-party` allows developers to proxy requests to an API without exposing credentials to the client. [`ofetch`](https://github.com/unjs/ofetch) is used to send the requests. \n\nThe library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow.\n\n### Details\n`fetchOptions` [are obtained directly from the request body](https://github.com/johannschopplich/nuxt-api-party/blob/777462e1e3af1d9f8938aa33f230cd8cb6e0cc9a/src/runtime/server/handler.ts#L27). These are then [passed directly into `ofetch`\n](https://github.com/johannschopplich/nuxt-api-party/blob/777462e1e3af1d9f8938aa33f230cd8cb6e0cc9a/src/runtime/server/handler.ts#L57C15-L57C15).\n\nWe can construct a URL we know will not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively. \n\n### PoC\nPOC using Node.\n\n```js\nawait fetch(\"http://localhost:3000/api/__api_party/MyEndpoint\", {\n method: \"POST\",\n body: JSON.stringify({ path: \"x:x\", retry: 9999999 }),\n headers: { \"Content-Type\": \"application/json\" }\n})\n```\n\nWe can use `__proto__` as a substitute for the endpoint if it is not known.\n\n```js\nawait fetch(\"http://localhost:3000/api/__api_party/__proto__\", {\n method: \"POST\",\n body: JSON.stringify({ path: \"x:x\", retry: 9999999 }),\n headers: { \"Content-Type\": \"application/json\" }\n})\n```\n\nWe can build the size of the stack faster by using more complicated URIs\n```js\nawait fetch(\"http://localhost:3000/api/__api_party/__proto__\", {\n method: \"POST\",\n body: JSON.stringify({ path: \"data:x;base64,----\", retry: 9999999 }),\n headers: { \"Content-Type\": \"application/json\" }\n})\n```\n\n### Impact\nFull DOS, server is unusable during attack. Requires a single request. \n\n### Fix \nLimit which options can be passed to `ofetch`.\n",
"id": "GHSA-q6hx-3m4p-749h",
"modified": "2023-12-11T20:29:10Z",
"published": "2023-12-11T20:29:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-q6hx-3m4p-749h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49800"
},
{
"type": "PACKAGE",
"url": "https://github.com/johannschopplich/nuxt-api-party"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "DOS by abusing `fetchOptions.retry`. "
}
GHSA-Q6VM-3Q95-JVVP
Vulnerability from github – Published: 2022-05-11 00:01 – Updated: 2022-05-19 00:00An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.
{
"affected": [],
"aliases": [
"CVE-2022-1431"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-10T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.",
"id": "GHSA-q6vm-3q95-jvvp",
"modified": "2022-05-19T00:00:20Z",
"published": "2022-05-11T00:01:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1431"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/996850"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1431.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/262724"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation
Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.