Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5420 vulnerabilities reference this CWE, most recent first.

GHSA-R7QV-F5P4-F3QR

Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:05
VLAI
Details

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-19726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-22T19:16:05Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.",
  "id": "GHSA-r7qv-f5p4-f3qr",
  "modified": "2024-04-04T07:05:44Z",
  "published": "2023-08-22T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19726"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26240"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26241"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R7X6-6CMJ-2972

Vulnerability from github – Published: 2024-08-06 15:30 – Updated: 2024-08-06 18:30
VLAI
Details

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30170"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-06T14:16:03Z",
    "severity": "HIGH"
  },
  "details": "PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,",
  "id": "GHSA-r7x6-6cmj-2972",
  "modified": "2024-08-06T18:30:56Z",
  "published": "2024-08-06T15:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30170"
    },
    {
      "type": "WEB",
      "url": "https://info.ssh.com/improper-input-validation-faq"
    },
    {
      "type": "WEB",
      "url": "https://privx.docs.ssh.com/docs/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R82F-C679-WQMP

Vulnerability from github – Published: 2025-07-07 15:30 – Updated: 2025-07-07 15:30
VLAI
Details

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory consumption can increase, potentially impacting server stability and availability. This issue affects MongoDB Server v8.0 versions prior to 8.0.10

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6712"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-07T15:15:28Z",
    "severity": "MODERATE"
  },
  "details": "MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory consumption can increase, potentially impacting server stability and availability. This issue affects MongoDB Server v8.0 versions prior to 8.0.10",
  "id": "GHSA-r82f-c679-wqmp",
  "modified": "2025-07-07T15:30:40Z",
  "published": "2025-07-07T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6712"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-106751"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R84P-88G2-2VX2

Vulnerability from github – Published: 2022-05-13 00:01 – Updated: 2024-03-11 18:49
VLAI
Summary
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
Details

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.0-M1"
            },
            {
              "fixed": "10.1.0-M15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0-M1"
            },
            {
              "fixed": "10.0.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.13"
            },
            {
              "fixed": "9.0.63"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.5.38"
            },
            {
              "fixed": "8.5.79"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-11T18:49:58Z",
    "nvd_published_at": "2022-05-12T08:15:00Z",
    "severity": "HIGH"
  },
  "details": "The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.",
  "id": "GHSA-r84p-88g2-2vx2",
  "modified": "2024-03-11T18:49:58Z",
  "published": "2022-05-13T00:01:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29885"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220629-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5265"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption"
}

GHSA-R87G-78MX-3WG4

Vulnerability from github – Published: 2026-06-03 00:30 – Updated: 2026-07-10 17:15
VLAI
Summary
DesktopCommanderMCP is vulnerable to Uncontrolled Resource Consumption
Details

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@wonderwhy-er/desktop-commander"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-10691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-10T17:15:12Z",
    "nvd_published_at": "2026-06-03T00:16:30Z",
    "severity": "LOW"
  },
  "details": "A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component.",
  "id": "GHSA-r87g-78mx-3wg4",
  "modified": "2026-07-10T17:15:12Z",
  "published": "2026-06-03T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10691"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/375"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/pull/400"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/commit/4ce845f8749b6a159b57b38dcc3357f7222a8078"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/releases/tag/v0.2.39"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-10691"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/830746"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/367960"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/367960/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "DesktopCommanderMCP is vulnerable to Uncontrolled Resource Consumption"
}

GHSA-R894-PXPX-J3M6

Vulnerability from github – Published: 2024-04-25 18:30 – Updated: 2024-04-25 18:30
VLAI
Details

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-25T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.",
  "id": "GHSA-r894-pxpx-j3m6",
  "modified": "2024-04-25T18:30:40Z",
  "published": "2024-04-25T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3508"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3508"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274109"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R89Q-C9HQ-6HVP

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13
VLAI
Details

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-01T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.",
  "id": "GHSA-r89q-c9hq-6hvp",
  "modified": "2022-05-24T17:13:08Z",
  "published": "2022-05-24T17:13:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3899"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYLI3NEKPO5FTXFOBKRSRQLHCTZOTHCZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4V2TWGEZTYFWE5HIORULXJAUDJ4NXII"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPGNJ7JQCD6IE2SCSFAIMSUY5XHOYWKE"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202006-08"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211101"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211102"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211104"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211105"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211106"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211107"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211103"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4347-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4681"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/04/27/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-R8CJ-3554-33MR

Vulnerability from github – Published: 2026-05-08 18:19 – Updated: 2026-05-08 18:19
VLAI
Summary
justhtml introduces denial-of-service hardening
Details

Summary

justhtml 1.18.0 fixes multiple low-severity denial-of-service hardening issues in CSS selector handling and linkification.

These issues are availability concerns. They do not allow script execution, data disclosure, or sanitizer bypass by themselves.

Affected versions

  • justhtml < 1.18.0

Fixed version

  • justhtml 1.18.0 released on May 4, 2026

Impact

CSS selector handling

Applications that evaluate attacker-controlled selector strings, or that run selector-based transform pipelines over attacker-controlled documents, could consume disproportionate CPU or memory.

The affected selector patterns included oversized selectors, large selector lists, oversized compound selectors, long combinator chains, deeply nested functional pseudo-classes such as :not(...), repeated attribute/class token matching over large values, repeated sibling or ancestor scans, repeated positional pseudo-class work, and :contains(...) over large descendant text.

Programmatically constructed malformed DOM graphs could also trigger non-terminating or duplicate traversal in some selector paths, including cyclic/shared child graphs, cyclic parent chains, and cyclic text traversal for :contains(...).

Linkification

Attacker-controlled text containing punctuation-heavy input or URL candidates ending in long runs of unmatched closing brackets could cause repeated rescanning and consume disproportionate CPU when linkification was enabled.

Default configuration

Ordinary sanitization of parsed HTML with the default JustHTML(..., sanitize=True) configuration is not expected to expose untrusted users to selector injection, because selectors are normally supplied by application code.

The main risk areas are:

  • applications that accept selector strings from untrusted users and pass them to query(...), matches(...), or selector-based transforms
  • custom transform or sanitization pipelines that run selector matching over very large untrusted documents
  • applications that construct or mutate DOM trees programmatically from untrusted structure
  • applications that enable Linkify(...) over attacker-controlled text

Fixes in 1.18.0

1.18.0 adds generalized selector resource controls and removes several repeated-work hot paths:

  • shared selector limits for parse and match operations
  • structural caps for selector length, selector lists, compound selectors, complex selectors, and parse depth
  • match-operation and string-byte budgets
  • per-query matcher state for caches and cycle guards
  • precomputed or cached ancestor, sibling, positional, attribute-token, text-content, :not(...), :empty, and :nth-child(...) work
  • consistent enforcement across public parsing, query(...), tag-only query fast paths, transform selector compilation, and sanitization transform matching
  • linkification hardening for punctuation-heavy inputs and trailing bracket trimming

CWE mapping

  • CWE-400: Uncontrolled Resource Consumption
  • CWE-407: Inefficient Algorithmic Complexity
  • CWE-835: Loop with Unreachable Exit Condition

Recommended action

Upgrade to justhtml 1.18.0.

If users cannot upgrade immediately:

  • do not pass untrusted selector strings to query(...), matches(...), or selector-based transforms
  • restrict the size of untrusted documents before selector matching or linkification
  • avoid constructing programmatic DOM graphs from untrusted structure
  • avoid enabling Linkify(...) on very large attacker-controlled text

Credit

Discovered during an internal security review of justhtml.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "justhtml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-407",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T18:19:30Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "## Summary\n\n`justhtml` `1.18.0` fixes multiple low-severity denial-of-service hardening issues in CSS selector handling and linkification.\n\nThese issues are availability concerns. They do not allow script execution, data disclosure, or sanitizer bypass by themselves.\n\n## Affected versions\n\n- `justhtml` `\u003c 1.18.0`\n\n## Fixed version\n\n- `justhtml` `1.18.0` released on May 4, 2026\n\n## Impact\n\n### CSS selector handling\n\nApplications that evaluate attacker-controlled selector strings, or that run selector-based transform pipelines over attacker-controlled documents, could consume disproportionate CPU or memory.\n\nThe affected selector patterns included oversized selectors, large selector lists, oversized compound selectors, long combinator chains, deeply nested functional pseudo-classes such as `:not(...)`, repeated attribute/class token matching over large values, repeated sibling or ancestor scans, repeated positional pseudo-class work, and `:contains(...)` over large descendant text.\n\nProgrammatically constructed malformed DOM graphs could also trigger non-terminating or duplicate traversal in some selector paths, including cyclic/shared child graphs, cyclic parent chains, and cyclic text traversal for `:contains(...)`.\n\n### Linkification\n\nAttacker-controlled text containing punctuation-heavy input or URL candidates ending in long runs of unmatched closing brackets could cause repeated rescanning and consume disproportionate CPU when linkification was enabled.\n\n## Default configuration\n\nOrdinary sanitization of parsed HTML with the default `JustHTML(..., sanitize=True)` configuration is not expected to expose untrusted users to selector injection, because selectors are normally supplied by application code.\n\nThe main risk areas are:\n\n- applications that accept selector strings from untrusted users and pass them to `query(...)`, `matches(...)`, or selector-based transforms\n- custom transform or sanitization pipelines that run selector matching over very large untrusted documents\n- applications that construct or mutate DOM trees programmatically from untrusted structure\n- applications that enable `Linkify(...)` over attacker-controlled text\n\n## Fixes in 1.18.0\n\n`1.18.0` adds generalized selector resource controls and removes several repeated-work hot paths:\n\n- shared selector limits for parse and match operations\n- structural caps for selector length, selector lists, compound selectors, complex selectors, and parse depth\n- match-operation and string-byte budgets\n- per-query matcher state for caches and cycle guards\n- precomputed or cached ancestor, sibling, positional, attribute-token, text-content, `:not(...)`, `:empty`, and `:nth-child(...)` work\n- consistent enforcement across public parsing, `query(...)`, tag-only query fast paths, transform selector compilation, and sanitization transform matching\n- linkification hardening for punctuation-heavy inputs and trailing bracket trimming\n\n## CWE mapping\n\n- CWE-400: Uncontrolled Resource Consumption\n- CWE-407: Inefficient Algorithmic Complexity\n- CWE-835: Loop with Unreachable Exit Condition\n\n## Recommended action\n\nUpgrade to `justhtml` `1.18.0`.\n\nIf users cannot upgrade immediately:\n\n- do not pass untrusted selector strings to `query(...)`, `matches(...)`, or selector-based transforms\n- restrict the size of untrusted documents before selector matching or linkification\n- avoid constructing programmatic DOM graphs from untrusted structure\n- avoid enabling `Linkify(...)` on very large attacker-controlled text\n\n## Credit\n\nDiscovered during an internal security review of `justhtml`.",
  "id": "GHSA-r8cj-3554-33mr",
  "modified": "2026-05-08T18:19:30Z",
  "published": "2026-05-08T18:19:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-r8cj-3554-33mr"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/EmilStenstrom/justhtml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "justhtml introduces denial-of-service hardening"
}

GHSA-R8M2-4X37-6592

Vulnerability from github – Published: 2022-09-15 03:25 – Updated: 2025-01-02 21:59
VLAI
Summary
.NET Denial of Service Vulnerability
Details

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding.

Affected software

  • Any .NET 6.0 application running on .NET 6.0.8 or earlier.
  • Any ASP.NET Core 3.1 application running on .NET Core 3.1.28 or earlier. If your application uses the following package versions, ensure you update to the latest version of .NET.

.NET Core 3.1

Package name Affected version Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm >= 3.1.0, < 3.1.29 3.1.29
Microsoft.AspNetCore.App.Runtime.linux-arm64 >= 3.1.0, < 3.1.29 3.1.29
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 >= 3.1.0, < 3.1.29 3.1.29
Microsoft.AspNetCore.App.Runtime.linux-musl-x64 >= 3.1.0, < 3.1.29 3.1.29
Microsoft.AspNetCore.App.Runtime.linux-x64 >= 3.1.0, < 3.1.29 3.1.29
Microsoft.AspNetCore.App.Runtime.osx-x64 >= 3.1.0, < 3.1.29 3.1.29
Microsoft.AspNetCore.App.Runtime.win-arm >= 3.1.0, < 3.1.29 3.1.29
Microsoft.AspNetCore.App.Runtime.win-arm64 >= 3.1.5, < 3.1.29 3.1.29
Microsoft.AspNetCore.App.Runtime.win-x64 >= 3.1.0, < 3.1.29 3.1.29
Microsoft.AspNetCore.App.Runtime.win-x86 >= 3.1.0, < 3.1.29 3.1.29
### .NET 6
Package name Affected version Patched version
------------ ---------------- -------------------------
Microsoft.AspNetCore.App.Runtime.linux-arm >= 5.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.linux-arm64 >= 5.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.linux-musl-arm >= 5.0.1, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 >= 5.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.linux-musl-x64 >= 5.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.linux-x64 >= 5.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.osx-arm64 >= 6.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.osx-x64 >= 5.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.win-arm >= 5.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.win-arm64 >= 5.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.win-x64 >= 5.0.0, < 6.0.9 6.0.9
Microsoft.AspNetCore.App.Runtime.win-x86 >= 5.0.0, < 6.0.9 6.0.9

Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/234 An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43953 MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.osx-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.osx-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.osx-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-38013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T03:25:36Z",
    "nvd_published_at": "2022-09-13T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding.\n\n## \u003ca name=\"affected-software\"\u003e\u003c/a\u003eAffected software\n* Any .NET 6.0 application running on .NET 6.0.8 or earlier.\n* Any ASP.NET Core 3.1 application running on .NET Core 3.1.28 or earlier.\nIf your application uses the following package versions, ensure you update to the latest version of .NET.\n### \u003ca name=\"ASP.NET Core 3.1\"\u003e\u003c/a\u003e.NET Core 3.1\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)|\u003e= 3.1.0, \u003c 3.1.29|3.1.29\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)|\u003e= 3.1.0, \u003c 3.1.29|3.1.29\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)|\u003e= 3.1.0, \u003c 3.1.29|3.1.29\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)|\u003e= 3.1.0, \u003c 3.1.29|3.1.29\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)|\u003e= 3.1.0, \u003c 3.1.29|3.1.29\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)|\u003e= 3.1.0, \u003c 3.1.29|3.1.29\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)|\u003e= 3.1.0, \u003c 3.1.29|3.1.29\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)|\u003e= 3.1.5, \u003c 3.1.29|3.1.29\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)|\u003e= 3.1.0, \u003c 3.1.29|3.1.29\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)|\u003e= 3.1.0, \u003c 3.1.29|3.1.29\n### \u003ca name=\".NET 6\"\u003e\u003c/a\u003e.NET 6\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)|\u003e= 5.0.1, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)|\u003e= 6.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)|\u003e= 5.0.0, \u003c 6.0.9|6.0.9\n\n\n\n### Other\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/234\nAn Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43953\nMSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013",
  "id": "GHSA-r8m2-4x37-6592",
  "modified": "2025-01-02T21:59:08Z",
  "published": "2022-09-15T03:25:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38013"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dotnet/aspnetcore"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": ".NET Denial of Service Vulnerability"
}

GHSA-R8MX-C9JV-G2MH

Vulnerability from github – Published: 2025-10-21 21:33 – Updated: 2025-10-21 21:33
VLAI
Details

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-21T20:20:54Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core).   The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
  "id": "GHSA-r8mx-c9jv-g2mh",
  "modified": "2025-10-21T21:33:44Z",
  "published": "2025-10-21T21:33:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62475"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.