CWE-400
DiscouragedUncontrolled Resource Consumption
Abstraction: Class · Status: Draft
The product does not properly control the allocation and maintenance of a limited resource.
5433 vulnerabilities reference this CWE, most recent first.
GHSA-Q27G-667C-GWVG
Vulnerability from github – Published: 2022-02-18 00:00 – Updated: 2026-07-05 03:30Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.
{
"affected": [],
"aliases": [
"CVE-2022-22899"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-17T13:15:00Z",
"severity": "MODERATE"
},
"details": "Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.",
"id": "GHSA-q27g-667c-gwvg",
"modified": "2026-07-05T03:30:44Z",
"published": "2022-02-18T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22899"
},
{
"type": "WEB",
"url": "https://yoursecuritybores.me/coreftp-vulnerabilities"
},
{
"type": "WEB",
"url": "http://coreftp.com"
},
{
"type": "WEB",
"url": "http://coreftp.com/forums/viewtopic.php?f=15\u0026t=4022509"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q27H-HW2V-X5JM
Vulnerability from github – Published: 2023-11-17 00:31 – Updated: 2023-11-17 14:58An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/free5gc/free5gc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-47025"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-17T14:58:08Z",
"nvd_published_at": "2023-11-16T23:15:08Z",
"severity": "HIGH"
},
"details": "An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.",
"id": "GHSA-q27h-hw2v-x5jm",
"modified": "2023-11-17T14:58:08Z",
"published": "2023-11-17T00:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47025"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/issues/501"
},
{
"type": "PACKAGE",
"url": "https://github.com/free5gc/free5gc"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component"
}
GHSA-Q28M-8XJW-8VR5
Vulnerability from github – Published: 2021-05-18 01:27 – Updated: 2023-05-16 16:19This vulnerability is related to CVE-2019-16770.
Impact
The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster.
A puma server which received more concurrent keep-alive connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections.
Patches
This problem has been fixed in puma 4.3.8 and 5.3.1.
Workarounds
Setting queue_requests false also fixes the issue. This is not advised when using puma without a reverse proxy, such as nginx or apache, because you will open yourself to slow client attacks (e.g. slowloris).
The fix is very small. A git patch is available here for those using unsupported versions of Puma.
For more information
If you have any questions or comments about this advisory:
- Open an issue in Puma.
- To report problems with this fix or to report another vulnerability, see our security policy.
Acknowledgements
Thank you to @MSP-Greg, @wjordan and @evanphx for their review on this issue.
Thank you to @ioquatix for providing a modified fork of wrk which made debugging this issue much easier.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.3.7"
},
"package": {
"ecosystem": "RubyGems",
"name": "puma"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.3.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "puma"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29509"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T01:26:55Z",
"nvd_published_at": "2021-05-11T17:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability is related to [CVE-2019-16770](https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994).\n\n### Impact\n\nThe fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster.\n\nA `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections.\n\n### Patches\n\nThis problem has been fixed in `puma` 4.3.8 and 5.3.1.\n\n### Workarounds\n\nSetting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. [slowloris](https://en.wikipedia.org/wiki/Slowloris_(computer_security))).\n\nThe fix is very small. [A git patch is available here](https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837) for those using [unsupported versions](https://github.com/puma/puma/security/policy#supported-versions) of Puma.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Puma](https://github.com/puma/puma).\n* To report problems with this fix or to report another vulnerability, see [our security policy.](https://github.com/puma/puma/security/policy)\n\n### Acknowledgements\n\nThank you to @MSP-Greg, @wjordan and @evanphx for their review on this issue. \n\nThank you to @ioquatix for providing a modified fork of `wrk` which made debugging this issue much easier.",
"id": "GHSA-q28m-8xjw-8vr5",
"modified": "2023-05-16T16:19:44Z",
"published": "2021-05-18T01:27:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29509"
},
{
"type": "WEB",
"url": "https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837"
},
{
"type": "PACKAGE",
"url": "https://github.com/puma/puma"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/security/policy"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2021-29509.yml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"type": "WEB",
"url": "https://rubygems.org/gems/puma"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-28"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Puma\u0027s Keepalive Connections Causing Denial Of Service"
}
GHSA-Q28R-GGR6-763F
Vulnerability from github – Published: 2024-08-08 12:30 – Updated: 2024-08-08 12:30Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.
{
"affected": [],
"aliases": [
"CVE-2024-5423"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-08T11:15:13Z",
"severity": "MODERATE"
},
"details": "Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.",
"id": "GHSA-q28r-ggr6-763f",
"modified": "2024-08-08T12:30:35Z",
"published": "2024-08-08T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5423"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2518563"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/463807"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q292-6RRQ-QV64
Vulnerability from github – Published: 2022-05-03 03:14 – Updated: 2022-05-03 03:14bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
{
"affected": [],
"aliases": [
"CVE-2005-1260"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-05-19T04:00:00Z",
"severity": "MODERATE"
},
"details": "bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a \"decompression bomb\").",
"id": "GHSA-q292-6rrq-qv64",
"modified": "2022-05-03T03:14:09Z",
"published": "2022-05-03T03:14:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1260"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/127-1"
},
{
"type": "WEB",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/15447"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19183"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/27274"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/27643"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2005/dsa-741"
},
{
"type": "WEB",
"url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/13657"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/3525"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/3868"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q29V-XC37-WH5M
Vulnerability from github – Published: 2026-06-03 21:15 – Updated: 2026-06-03 21:15Impact
The HTML backend did not perform sufficient validation during resource handling:
- Accepted file:// URIs enabling local file system access when enable_local_fetch=True
- Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths
- Did not block internal network resources under enable_remote_fetch=True
- HTTP redirects were not validated, potentially redirecting to unintended schemes
- No resource limits for remote image downloads and data: URIs
Patches
Fixed in versions 2.91.0 (initial fixes) and 2.94.0 (additional improvements). The fixes implement:
- Updated local path treatment: absolute files always blocked, relative paths require enable_local_fetch=True (default: False) and containment within configured base_path for path traversal protection
- file:// scheme stripped & treated as local path (above)
- IP address validation to prevent SSRF
- HTTP redirect validation, connection and read timeouts
- Size limit for both remote images (with streaming download) and base64-decoded data URIs
Workarounds
Keep both enable_local_fetch=False and enable_remote_fetch=False (defaults) when processing untrusted HTML documents.
References
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "docling"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.94.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47214"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-73"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-03T21:15:02Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nThe HTML backend did not perform sufficient validation during resource handling:\n- Accepted `file://` URIs enabling local file system access when `enable_local_fetch=True`\n- Path resolution allowed traversal outside intended directories via `../` sequences and absolute paths\n- Did not block internal network resources under `enable_remote_fetch=True`\n- HTTP redirects were not validated, potentially redirecting to unintended schemes\n- No resource limits for remote image downloads and `data:` URIs\n\n### Patches\nFixed in versions 2.91.0 (initial fixes) and 2.94.0 (additional improvements). The fixes implement:\n- Updated local path treatment: absolute files always blocked, relative paths require `enable_local_fetch=True` (default: False) and containment within configured `base_path` for path traversal protection\n- `file://` scheme stripped \u0026 treated as local path (above)\n- IP address validation to prevent SSRF\n- HTTP redirect validation, connection and read timeouts\n- Size limit for both remote images (with streaming download) and base64-decoded data URIs\n\n### Workarounds\nKeep both `enable_local_fetch=False` and `enable_remote_fetch=False` (defaults) when processing untrusted HTML documents.\n\n### References\n- Initial fixes: [v2.91.0](https://github.com/docling-project/docling/releases/tag/v2.91.0)\n- Additional improvements: [v2.94.0](https://github.com/docling-project/docling/releases/tag/v2.94.0)",
"id": "GHSA-q29v-xc37-wh5m",
"modified": "2026-06-03T21:15:02Z",
"published": "2026-06-03T21:15:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/docling-project/docling/security/advisories/GHSA-q29v-xc37-wh5m"
},
{
"type": "PACKAGE",
"url": "https://github.com/docling-project/docling"
},
{
"type": "WEB",
"url": "https://github.com/docling-project/docling/releases/tag/v2.91.0"
},
{
"type": "WEB",
"url": "https://github.com/docling-project/docling/releases/tag/v2.94.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Docling: Unsafe URI and Path Handling in HTML Backend"
}
GHSA-Q2CV-V83M-R24W
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 21:30In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
{
"affected": [],
"aliases": [
"CVE-2022-47370"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.",
"id": "GHSA-q2cv-v83m-r24w",
"modified": "2023-02-21T21:30:19Z",
"published": "2023-02-12T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47370"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1621031430231134210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2FM-89C2-X6C2
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2024-03-12 12:30A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.
{
"affected": [],
"aliases": [
"CVE-2022-45044"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.",
"id": "GHSA-q2fm-89c2-x6c2",
"modified": "2024-03-12T12:30:45Z",
"published": "2022-12-13T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45044"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-552874.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q2JF-H9JM-M7P4
Vulnerability from github – Published: 2023-02-01 21:30 – Updated: 2024-09-20 15:40In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "3.2a1"
},
{
"fixed": "3.2.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "4.0a1"
},
{
"fixed": "4.0.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "4.1a1"
},
{
"fixed": "4.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-23969"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-03T21:07:17Z",
"nvd_published_at": "2023-02-01T19:15:00Z",
"severity": "HIGH"
},
"details": "In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.",
"id": "GHSA-q2jf-h9jm-m7p4",
"modified": "2024-09-20T15:40:25Z",
"published": "2023-02-01T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23969"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a"
},
{
"type": "WEB",
"url": "https://docs.djangoproject.com/en/4.1/releases/security"
},
{
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!forum/django-announce"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230302-0007"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2023/feb/01/security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Django contains Uncontrolled Resource Consumption via cached header"
}
GHSA-Q2PM-6838-P3JM
Vulnerability from github – Published: 2022-05-14 03:44 – Updated: 2025-11-03 21:30Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
{
"affected": [],
"aliases": [
"CVE-2017-14180"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-02T14:29:00Z",
"severity": "HIGH"
},
"details": "Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.",
"id": "GHSA-q2pm-6838-p3jm",
"modified": "2025-11-03T21:30:30Z",
"published": "2022-05-14T03:44:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14180"
},
{
"type": "WEB",
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"type": "WEB",
"url": "https://launchpad.net/bugs/1726372"
},
{
"type": "WEB",
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation
Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.