CWE-410
AllowedInsufficient Resource Pool
Abstraction: Class · Status: Incomplete
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
33 vulnerabilities reference this CWE, most recent first.
GHSA-28P7-RXH6-3H6X
Vulnerability from github – Published: 2024-02-27 06:30 – Updated: 2024-02-28 03:30Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.
{
"affected": [],
"aliases": [
"CVE-2023-7033"
],
"database_specific": {
"cwe_ids": [
"CWE-410"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T04:15:06Z",
"severity": "MODERATE"
},
"details": "Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.",
"id": "GHSA-28p7-rxh6-3h6x",
"modified": "2024-02-28T03:30:30Z",
"published": "2024-02-27T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7033"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU96145466/index.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-49M6-VRR9-2CQM
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 23:50In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to respond to other requests. This vulnerability is due to uncontrolled resource consumption.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mlflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.17.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-0453"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-410"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T23:50:45Z",
"nvd_published_at": "2025-03-20T10:15:53Z",
"severity": "MODERATE"
},
"details": "In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to respond to other requests. This vulnerability is due to uncontrolled resource consumption.",
"id": "GHSA-49m6-vrr9-2cqm",
"modified": "2025-03-21T23:50:45Z",
"published": "2025-03-20T12:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0453"
},
{
"type": "PACKAGE",
"url": "https://github.com/mlflow/mlflow"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "MLflow Uncontrolled Resource Consumption vulnerability"
}
GHSA-5QWV-R493-496Q
Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-11-03 21:33Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2025-20103"
],
"database_specific": {
"cwe_ids": [
"CWE-410"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T21:16:07Z",
"severity": "MODERATE"
},
"details": "Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.",
"id": "GHSA-5qwv-r493-496q",
"modified": "2025-11-03T21:33:53Z",
"published": "2025-05-13T21:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20103"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5V5H-MR5G-H898
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.
{
"affected": [],
"aliases": [
"CVE-2025-27479"
],
"database_specific": {
"cwe_ids": [
"CWE-410"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T18:15:58Z",
"severity": "HIGH"
},
"details": "Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.",
"id": "GHSA-5v5h-mr5g-h898",
"modified": "2025-04-08T18:34:50Z",
"published": "2025-04-08T18:34:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27479"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27479"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6QRW-R6GW-87P7
Vulnerability from github – Published: 2026-02-04 21:30 – Updated: 2026-02-04 21:30IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling.
{
"affected": [],
"aliases": [
"CVE-2025-2134"
],
"database_specific": {
"cwe_ids": [
"CWE-410"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T21:15:57Z",
"severity": "LOW"
},
"details": "IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system\u0027s performance using complicated queries due to insufficient resource pooling.",
"id": "GHSA-6qrw-r6gw-87p7",
"modified": "2026-02-04T21:30:32Z",
"published": "2026-02-04T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2134"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7258083"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-87XR-Q4CP-2XQH
Vulnerability from github – Published: 2025-05-27 09:30 – Updated: 2025-05-27 09:30An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.
{
"affected": [],
"aliases": [
"CVE-2025-41653"
],
"database_specific": {
"cwe_ids": [
"CWE-410"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-27T09:15:21Z",
"severity": "HIGH"
},
"details": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device\u0027s web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.",
"id": "GHSA-87xr-q4cp-2xqh",
"modified": "2025-05-27T09:30:32Z",
"published": "2025-05-27T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41653"
},
{
"type": "WEB",
"url": "https://certvde.com/en/advisories/VDE-2025-044"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89J4-P5G9-QF6F
Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-22 00:00A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2.
{
"affected": [],
"aliases": [
"CVE-2022-22191"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-410"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-14T16:15:00Z",
"severity": "MODERATE"
},
"details": "A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2.",
"id": "GHSA-89j4-p5g9-qf6f",
"modified": "2022-04-22T00:00:55Z",
"published": "2022-04-15T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22191"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA69502"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-996C-HHRM-W2Q5
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2026-34019"
],
"database_specific": {
"cwe_ids": [
"CWE-410"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T16:16:39Z",
"severity": "MODERATE"
},
"details": "When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-996c-hhrm-w2q5",
"modified": "2026-05-13T18:30:54Z",
"published": "2026-05-13T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34019"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000150508"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PMP2-F627-C94J
Vulnerability from github – Published: 2022-11-04 19:01 – Updated: 2022-11-07 19:00A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-20937"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-410"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-04T18:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.",
"id": "GHSA-pmp2-f627-c94j",
"modified": "2022-11-07T19:00:17Z",
"published": "2022-11-04T19:01:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20937"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PR8Q-V9MH-7JQR
Vulnerability from github – Published: 2025-12-05 00:31 – Updated: 2025-12-05 00:31When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of service triggered by a malformed packet. The device may recover automatically or require a hard reset.
{
"affected": [],
"aliases": [
"CVE-2025-12986"
],
"database_specific": {
"cwe_ids": [
"CWE-410"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-04T22:15:47Z",
"severity": "MODERATE"
},
"details": "When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of\u00a0service triggered by a malformed packet. The device may recover automatically or require a hard reset.",
"id": "GHSA-pr8q-v9mh-7jqr",
"modified": "2025-12-05T00:31:05Z",
"published": "2025-12-05T00:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12986"
},
{
"type": "WEB",
"url": "https://community.silabs.com/068Vm00000akaGr"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests.
Mitigation
Consider implementing a velocity check mechanism which would detect abusive behavior.
Mitigation
Consider load balancing as an option to handle heavy loads.
Mitigation
Make sure that resource handles are properly closed when no longer needed.
Mitigation
Identify the system's resource intensive operations and consider protecting them from abuse (e.g. malicious automated script which runs the resources out).
No CAPEC attack patterns related to this CWE.