Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5401 vulnerabilities reference this CWE, most recent first.

GHSA-XHV5-W9C5-2R2W

Vulnerability from github – Published: 2021-02-02 21:42 – Updated: 2022-10-25 20:51
VLAI
Summary
Unbounded connection acceptance in http4s-blaze-server
Details

Impact

blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections.

http4s provides a general MaxActiveRequests middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open.

Patches

In 0.21.18, 0.22.0-M3, and 1.0.0-M16, a newmaxConnections property, with a default value of 1024, has been added to the BlazeServerBuilder. Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended.

The NIO2 backend does not respect maxConnections. Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22.

The connections are bounded in 0.21.17, 0.22.0-M2, and 1.0.0-M14, but the maxConnections parameter was passed incorrectly, making it impossible to change the Blaze default of 512.

Workarounds

  • An Nginx side-car acting as a reverse proxy for the local http4s-blaze-server instance would be able to apply a connection limiting semantic before the sockets reach blaze-core. Nginx’s connection bounding is both asynchronous and properly respects backpressure.
  • http4s-ember-server is an alternative to http4s-blaze-server, but does not yet have HTTP/2 or web socket support. Its performance in terms of RPS is appreciably behind Blaze’s, and as the newest backend, has substantially less industrial uptake.
  • http4s-jetty is an alternative to http4s-blaze-server, but does not yet have web socket support. Its performance in terms of requests per second is somewhat behind Blaze’s, and despite Jetty's industrial adoption, the http4s integration has substantially less industrial uptake.
  • http4s-tomcat is an alternative to http4s-blaze-server, but does not yet have HTTP/2 web socket support. Its performance in terms of requests per second is somewhat behind Blaze’s, and despite Jetty's industrial adoption, the http4s integration has substantially less industrial uptake.

References

See the Blaze GHSA for more on the underlying issue.

For more information

If you have any questions or comments about this advisory: * Open an issue in http4s/http4s * Contact us according to the http4s security policy

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.http4s:http4s-blaze-server_2.12"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.21.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.http4s:http4s-blaze-server_2.13"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.21.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-02-02T21:42:25Z",
    "nvd_published_at": "2021-02-02T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nblaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections.\n\nhttp4s provides a general `MaxActiveRequests` middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open.\n\n### Patches\n\nIn 0.21.18, 0.22.0-M3, and 1.0.0-M16, a new`maxConnections` property, with a default value of 1024, has been added to the `BlazeServerBuilder`.  Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended.  \n\nThe NIO2 backend does not respect `maxConnections`.  Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22.\n\nThe connections are bounded in 0.21.17, 0.22.0-M2, and 1.0.0-M14, but the `maxConnections` parameter was passed incorrectly, making it impossible to change the Blaze default of 512. \n\n### Workarounds\n* An Nginx side-car acting as a reverse proxy for the local http4s-blaze-server instance would be able to apply a connection limiting semantic before the sockets reach blaze-core. Nginx\u2019s connection bounding is both asynchronous and properly respects backpressure.\n* http4s-ember-server is an alternative to http4s-blaze-server, but does not yet have HTTP/2 or web socket support.  Its performance in terms of RPS is appreciably behind Blaze\u2019s, and as the newest backend, has substantially less industrial uptake.\n* http4s-jetty is an alternative to http4s-blaze-server, but does not yet have web socket support.  Its performance in terms of requests per second is somewhat behind Blaze\u2019s, and despite Jetty\u0027s industrial adoption, the http4s integration has substantially less industrial uptake.\n* http4s-tomcat is an alternative to http4s-blaze-server, but does not yet have HTTP/2 web socket support.  Its performance in terms of requests per second is somewhat behind Blaze\u2019s, and despite Jetty\u0027s industrial adoption, the http4s integration has substantially less industrial uptake.\n\n### References\n\nSee [the Blaze GHSA](https://github.com/http4s/blaze/security/advisories/GHSA-xmw9-q7x9-j5qc) for more on the underlying issue.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [http4s/http4s](http://github.com/http4s/http4s)\n* Contact us according to the [http4s security policy](https://github.com/http4s/http4s/security/policy)",
  "id": "GHSA-xhv5-w9c5-2r2w",
  "modified": "2022-10-25T20:51:11Z",
  "published": "2021-02-02T21:42:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/http4s/blaze/security/advisories/GHSA-xmw9-q7x9-j5qc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/http4s/http4s/security/advisories/GHSA-xhv5-w9c5-2r2w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21294"
    },
    {
      "type": "WEB",
      "url": "https://github.com/http4s/http4s/commit/987d6589ef79545b9bb2324ac4bdebf82d9a0171"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unbounded connection acceptance in http4s-blaze-server"
}

GHSA-XJ5R-2VXF-3CH7

Vulnerability from github – Published: 2023-04-16 03:30 – Updated: 2024-04-04 03:29
VLAI
Details

On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-16T02:15:00Z",
    "severity": "HIGH"
  },
  "details": "On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.",
  "id": "GHSA-xj5r-2vxf-3ch7",
  "modified": "2024-04-04T03:29:53Z",
  "published": "2023-04-16T03:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40946"
    },
    {
      "type": "WEB",
      "url": "https://github.com/whokilleddb/dlink-dir-819-dos"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com/en/security-bulletin"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/171484/D-Link-DIR-819-A1-Denial-Of-Service.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJ5V-6V4G-JFW6

Vulnerability from github – Published: 2024-02-28 22:57 – Updated: 2024-02-29 02:30
VLAI
Summary
Rack has possible DoS Vulnerability with Range Header
Details

Possible DoS Vulnerability with Range Header in Rack

There is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141.

Versions Affected: >= 1.3.0. Not affected: < 1.3.0 Fixed Versions: 3.0.9.1, 2.2.8.1

Impact

Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue.

Vulnerable applications will use the Rack::File middleware or the Rack::Utils.byte_ranges methods (this includes Rails applications).

Releases

The fixed releases are available at the normal locations.

Workarounds

There are no feasible workarounds for this issue.

Patches

To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

  • 3-0-range.patch - Patch for 3.0 series
  • 2-2-range.patch - Patch for 2.2 series

Credits

Thank you ooooooo_q for the report and patch

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "2.2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-26141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-28T22:57:12Z",
    "nvd_published_at": "2024-02-29T00:15:51Z",
    "severity": "LOW"
  },
  "details": "# Possible DoS Vulnerability with Range Header in Rack\n\nThere is a possible DoS vulnerability relating to the Range request header in\nRack.  This vulnerability has been assigned the CVE identifier CVE-2024-26141.\n\nVersions Affected:  \u003e= 1.3.0.\nNot affected:       \u003c 1.3.0\nFixed Versions:     3.0.9.1, 2.2.8.1\n\nImpact\n------\nCarefully crafted Range headers can cause a server to respond with an\nunexpectedly large response. Responding with such large responses could lead\nto a denial of service issue.\n\nVulnerable applications will use the `Rack::File` middleware or the\n`Rack::Utils.byte_ranges` methods (this includes Rails applications).\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren\u0027t able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-0-range.patch - Patch for 3.0 series\n* 2-2-range.patch - Patch for 2.2 series\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and\npatch",
  "id": "GHSA-xj5v-6v4g-jfw6",
  "modified": "2024-02-29T02:30:42Z",
  "published": "2024-02-28T22:57:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26141"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b"
    },
    {
      "type": "WEB",
      "url": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rack/rack"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Rack has possible DoS Vulnerability with Range Header"
}

GHSA-XJ62-87PG-VCV3

Vulnerability from github – Published: 2019-02-18 23:38 – Updated: 2023-09-13 22:47
VLAI
Summary
Regular Expression Denial of Service in jshamcrest
Details

The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator.

Proof of concept

var js = require('jshamcrest')
var emailAddress = new js.JsHamcrest.Matchers.emailAddress();


var genstr = function (len, chr) {
    var result = "";
    for (i=0; i<=len; i++) {
        result = result + chr;
    }

    return result;
}


for (i=1;i<=10000000;i=i+1) {
    console.log("COUNT: " + i);
    var str = '66666666666666666666666666666@ffffffffffffffffffffffffffffffff.' + genstr(i, 'a') + '{'
    console.log("LENGTH: " + str.length);
    var start = process.hrtime();
    emailAddress.matches(str)

    var end = process.hrtime(start);
    console.log(end);
}

Results

It takes about 116 characters to get a 1.6 second event loop block.

[ 1, 633084590 ]
COUNT: 51
LENGTH: 116

Timeline

  • October 25, 2015 - Vulnerability Identified
  • October 25, 2015 - Maintainers notified (no response)

Recommendation

The jshamcrest package currently has no patched versions available.

At this time, the best available mitigation is to use an alternative module that is actively maintained and provides similar functionality. There are multiple modules fitting this criteria available on npm..

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jshamcrest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-10521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T22:03:34Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The `jshamcrest` package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator.\n\n\n## Proof of concept\n\n```js\nvar js = require(\u0027jshamcrest\u0027)\nvar emailAddress = new js.JsHamcrest.Matchers.emailAddress();\n\n\nvar genstr = function (len, chr) {\n    var result = \"\";\n    for (i=0; i\u003c=len; i++) {\n        result = result + chr;\n    }\n\n    return result;\n}\n\n\nfor (i=1;i\u003c=10000000;i=i+1) {\n    console.log(\"COUNT: \" + i);\n    var str = \u002766666666666666666666666666666@ffffffffffffffffffffffffffffffff.\u0027 + genstr(i, \u0027a\u0027) + \u0027{\u0027\n    console.log(\"LENGTH: \" + str.length);\n    var start = process.hrtime();\n    emailAddress.matches(str)\n\n    var end = process.hrtime(start);\n    console.log(end);\n}\n```\n\n### Results\nIt takes about 116 characters to get a 1.6 second event loop block.\n```\n[ 1, 633084590 ]\nCOUNT: 51\nLENGTH: 116\n```\n\n# Timeline\n- October 25, 2015 - Vulnerability Identified\n- October 25, 2015 - Maintainers notified (no response)\n\n\n## Recommendation\n\nThe `jshamcrest` package currently has no patched versions available.\n\nAt this time, the best available mitigation is to use an alternative module that is actively maintained and provides similar functionality. There are [multiple modules fitting this criteria available on npm.](https://www.npmjs.com/search?q=validator).",
  "id": "GHSA-xj62-87pg-vcv3",
  "modified": "2023-09-13T22:47:33Z",
  "published": "2019-02-18T23:38:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10521"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-xj62-87pg-vcv3"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/53"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Regular Expression Denial of Service in jshamcrest"
}

GHSA-XJ7M-J8GX-JWQ9

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-06-30 18:31
VLAI
Details

A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to mishandling of the rate limiting feature within the QuantumFlow Processor. An attacker could exploit this vulnerability by sending large amounts of traffic that would be subject to NAT and rate limiting through an affected device. A successful exploit could allow the attacker to cause the QuantumFlow Processor utilization to reach 100 percent on the affected device, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-23T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to mishandling of the rate limiting feature within the QuantumFlow Processor. An attacker could exploit this vulnerability by sending large amounts of traffic that would be subject to NAT and rate limiting through an affected device. A successful exploit could allow the attacker to cause the QuantumFlow Processor utilization to reach 100 percent on the affected device, resulting in a DoS condition.",
  "id": "GHSA-xj7m-j8gx-jwq9",
  "modified": "2023-06-30T18:31:00Z",
  "published": "2022-05-24T19:15:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1624"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ratenat-pYVLA7wM"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJQG-9JVG-FGX2

Vulnerability from github – Published: 2018-08-21 19:03 – Updated: 2023-03-13 23:53
VLAI
Summary
Nokogiri subject to DoS via libxml2 vulnerability
Details

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 (as used in nokogiri before 1.6.7.1) does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.6.7.0"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "nokogiri"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.0"
            },
            {
              "fixed": "1.6.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-5312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T22:03:39Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 (as used in nokogiri before 1.6.7.1) does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.",
  "id": "GHSA-xjqg-9jvg-fgx2",
  "modified": "2023-03-13T23:53:36Z",
  "published": "2018-08-21T19:03:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5312"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693"
    },
    {
      "type": "WEB",
      "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-37"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206166"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206167"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206168"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206169"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3430"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2834-1"
    },
    {
      "type": "WEB",
      "url": "http://xmlsoft.org/news.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Nokogiri subject to DoS via libxml2 vulnerability"
}

GHSA-XJRJ-6839-JG74

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-06-05 00:00
VLAI
Details

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28971"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-22T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.",
  "id": "GHSA-xjrj-6839-jg74",
  "modified": "2022-06-05T00:00:21Z",
  "published": "2022-05-24T17:45:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28971"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d88d05a9e0b6d9356e97129d4ff9942d765f46ea"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210430-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJRM-79VQ-7XRV

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04
VLAI
Details

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-8374"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-13T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.",
  "id": "GHSA-xjrm-79vq-7xrv",
  "modified": "2022-05-13T01:04:06Z",
  "published": "2022-05-13T01:04:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8374"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94093"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJW7-JPQW-3Q4X

Vulnerability from github – Published: 2023-04-05 21:30 – Updated: 2023-04-12 21:30
VLAI
Details

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1787"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-05T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.",
  "id": "GHSA-xjw7-jpqw-3q4x",
  "modified": "2023-04-12T21:30:21Z",
  "published": "2023-04-05T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1787"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1787.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394817"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XM28-FW2X-FQV2

Vulnerability from github – Published: 2019-05-31 23:08 – Updated: 2021-08-04 21:19
VLAI
Summary
Denial of Service in foreman
Details

All versions of foreman are vulnerable to Regular Expression Denial of Service when requests to it are made with a specially crafted path.

Recommendation

Upgrade to version 3.0.1.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "foreman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-05-31T23:07:09Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "All versions of `foreman` are vulnerable to Regular Expression Denial of Service when requests to it are made with a specially crafted path.\n\n\n## Recommendation\n\nUpgrade to version 3.0.1.",
  "id": "GHSA-xm28-fw2x-fqv2",
  "modified": "2021-08-04T21:19:17Z",
  "published": "2019-05-31T23:08:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/320586"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strongloop/node-foreman/blob/v2.0.0/forward.js#L30"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/npm:foreman:20180429"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/645"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial of Service in foreman"
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.