CWE-400
DiscouragedUncontrolled Resource Consumption
Abstraction: Class · Status: Draft
The product does not properly control the allocation and maintenance of a limited resource.
5415 vulnerabilities reference this CWE, most recent first.
GHSA-VW7M-6WWG-32MQ
Vulnerability from github – Published: 2024-02-12 09:31 – Updated: 2024-02-14 18:30Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known.
{
"affected": [],
"aliases": [
"CVE-2023-41706"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-12T09:15:11Z",
"severity": "MODERATE"
},
"details": "Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known.",
"id": "GHSA-vw7m-6wwg-32mq",
"modified": "2024-02-14T18:30:24Z",
"published": "2024-02-12T09:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41706"
},
{
"type": "WEB",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json"
},
{
"type": "WEB",
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Feb/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VWH5-Q72R-GR35
Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device.
{
"affected": [],
"aliases": [
"CVE-2019-13926"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-11T16:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0), SCALANCE S612 (All versions \u003e= V3.0), SCALANCE S623 (All versions \u003e= V3.0), SCALANCE S627-2M (All versions \u003e= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device.",
"id": "GHSA-vwh5-q72r-gr35",
"modified": "2022-05-24T17:08:23Z",
"published": "2022-05-24T17:08:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13926"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VWJC-Q9PX-R9VQ
Vulnerability from github – Published: 2018-06-07 19:43 – Updated: 2023-05-22 15:35Versions of ecstatic prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the Last-Modified or If-Modified-Since headers.
Parsing certain inputs with new Date() or Date.parse() cases v8 to crash. As ecstatic passes the value of the affected headers into one of these functions, sending certain inputs via one of the headers will cause the server to crash.
Recommendation
Update to version 1.4.0 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ecstatic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-9242"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:58:32Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Versions of `ecstatic` prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the `Last-Modified` or `If-Modified-Since` headers.\n\nParsing certain inputs with `new Date()` or `Date.parse()` cases v8 to crash. As ecstatic passes the value of the affected headers into one of these functions, sending certain inputs via one of the headers will cause the server to crash.\n\n\n\n## Recommendation\n\nUpdate to version 1.4.0 or later.",
"id": "GHSA-vwjc-q9px-r9vq",
"modified": "2023-05-22T15:35:11Z",
"published": "2018-06-07T19:43:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9242"
},
{
"type": "WEB",
"url": "https://github.com/jfhbrook/node-ecstatic/pull/179"
},
{
"type": "WEB",
"url": "https://github.com/jfhbrook/node-ecstatic/commit/0d0a2779ac5e5843d3745920212dfac9b69440e2"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/v8/issues/detail?id=4640"
},
{
"type": "PACKAGE",
"url": "https://github.com/jfhbrook/node-ecstatic"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Denial of Service in ecstatic"
}
GHSA-VWM3-CV6H-HRM3
Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2024-05-14 18:30A vulnerability has been identified in KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2019-19300"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-14T20:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions \u003c V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions \u003e= V4.2), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions \u003e= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions \u003e= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions \u003e= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions \u003e= V4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.0), SIMATIC S7-1500 Software Controller (All versions \u003c V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.",
"id": "GHSA-vwm3-cv6h-hrm3",
"modified": "2024-05-14T18:30:33Z",
"published": "2022-05-24T17:14:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19300"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-593272.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VWM6-QC77-V2RH
Vulnerability from github – Published: 2022-07-11 21:00 – Updated: 2022-07-19 22:30Impact
The ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it.
It is possible for the node to be exhausted of memory. The consequence of the exhaustion is that other services on the node, e.g. other containers, will be unable to allocate memory and thus causing a denial of service.
Malicious Apps which by accident pulled by users on the host and have the access to send HTTP requests to localhost may make an attack. It will be affected only when users enable the ServiceBus module in the config file edgecore.yaml as below:
modules:
...
serviceBus:
enable: true
Patches
This bug has been fixed in Kubeedge 1.11.1, 1.10.2, 1.9.4. Users should update to these versions to resolve the issue.
Workarounds
Disable the ServiceBus module in the config file edgecore.yaml.
References
NA
Credits
Thanks David Korczynski and Adam Korczynski of ADA Logics for responsibly disclosing this issue in accordance with the kubeedge security policy during a security audit sponsored by CNCF and facilitated by OSTIF.
For more information
If you have any questions or comments about this advisory: * Open an issue in KubeEdge repo * To make a vulnerability report, email your vulnerability to the private cncf-kubeedge-security@lists.cncf.io list with the security details and the details expected for KubeEdge bug reports.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/kubeedge/kubeedge"
},
"ranges": [
{
"events": [
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/kubeedge/kubeedge"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/kubeedge/kubeedge"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31073"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-11T21:00:20Z",
"nvd_published_at": "2022-07-11T20:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it.\nIt is possible for the node to be exhausted of memory. The consequence of the exhaustion is that other services on the node, e.g. other containers, will be unable to allocate memory and thus causing a denial of service.\nMalicious Apps which by accident pulled by users on the host and have the access to send HTTP requests to localhost may make an attack. It will be affected only when users enable the `ServiceBus` module in the config file `edgecore.yaml` as below:\n```\nmodules:\n ...\n serviceBus:\n enable: true\n```\n\n### Patches\nThis bug has been fixed in Kubeedge 1.11.1, 1.10.2, 1.9.4. Users should update to these versions to resolve the issue.\n\n### Workarounds\nDisable the ServiceBus module in the config file `edgecore.yaml`.\n\n### References\nNA\n\n### Credits\nThanks David Korczynski and Adam Korczynski of ADA Logics for responsibly disclosing this issue in accordance with the [kubeedge security policy](https://github.com/kubeedge/kubeedge/security/policy) during a security audit sponsored by CNCF and facilitated by OSTIF.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [KubeEdge repo](https://github.com/kubeedge/kubeedge/issues/new/choose)\n* To make a vulnerability report, email your vulnerability to the private [cncf-kubeedge-security@lists.cncf.io](mailto:cncf-kubeedge-security@lists.cncf.io) list with the security details and the details expected for [KubeEdge bug reports](https://github.com/kubeedge/kubeedge/blob/master/.github/ISSUE_TEMPLATE/bug-report.md).\n",
"id": "GHSA-vwm6-qc77-v2rh",
"modified": "2022-07-19T22:30:59Z",
"published": "2022-07-11T21:00:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-vwm6-qc77-v2rh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31073"
},
{
"type": "WEB",
"url": "https://github.com/kubeedge/kubeedge/pull/4038"
},
{
"type": "WEB",
"url": "https://github.com/kubeedge/kubeedge/pull/4039"
},
{
"type": "WEB",
"url": "https://github.com/kubeedge/kubeedge/pull/4042"
},
{
"type": "PACKAGE",
"url": "github.com/kubeedge/kubeedge"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "KubeEdge Edge ServiceBus module DoS"
}
GHSA-VWPR-HW9C-29X5
Vulnerability from github – Published: 2026-06-09 21:32 – Updated: 2026-06-09 21:32An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.
{
"affected": [],
"aliases": [
"CVE-2026-30141"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T19:17:32Z",
"severity": "HIGH"
},
"details": "An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.",
"id": "GHSA-vwpr-hw9c-29x5",
"modified": "2026-06-09T21:32:33Z",
"published": "2026-06-09T21:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30141"
},
{
"type": "WEB",
"url": "https://github.com/bitbank2/AnimatedGIF/issues/115"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VWRC-G9Q6-F675
Vulnerability from github – Published: 2022-04-30 18:19 – Updated: 2024-02-12 18:04Zope is a Web application server for Linux. Zope versions 2.0 through 2.5.1 b1 are vulnerable to a denial of service attack, caused by a vulnerability that occurs when using the "through the Web code" capability. A remote attacker could inject malicious headers into a response to cause the vulnerable system to crash.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "zope"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.4.4b2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "zope"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1b2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2002-0687"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-12T18:04:43Z",
"nvd_published_at": "2002-07-23T04:00:00Z",
"severity": "MODERATE"
},
"details": "Zope is a Web application server for Linux. Zope versions 2.0 through 2.5.1 b1 are vulnerable to a denial of service attack, caused by a vulnerability that occurs when using the \"through the Web code\" capability. A remote attacker could inject malicious headers into a response to cause the vulnerable system to crash.",
"id": "GHSA-vwrc-g9q6-f675",
"modified": "2024-02-12T18:04:43Z",
"published": "2022-04-30T18:19:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0687"
},
{
"type": "WEB",
"url": "https://marc.info/?l=zope-announce\u0026m=101890177815066\u0026w=2"
},
{
"type": "WEB",
"url": "https://marc.info/?l=zope-announce\u0026m=101897461507941\u0026w=2"
},
{
"type": "WEB",
"url": "https://marc.info/?l=zope-announce\u0026m=101897462107967\u0026w=2"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20020822024423/http://www.iss.net/security_center/static/9621.php"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20021018100409/http://online.securityfocus.com/bid/5813"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
},
{
"type": "WEB",
"url": "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Zope Server vulnerable to DoS via header injection"
}
GHSA-VWW9-9287-J6XM
Vulnerability from github – Published: 2022-05-14 03:49 – Updated: 2022-05-14 03:49ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
{
"affected": [],
"aliases": [
"CVE-2017-17901"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-29T22:29:00Z",
"severity": "HIGH"
},
"details": "ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.",
"id": "GHSA-vww9-9287-j6xm",
"modified": "2022-05-14T03:49:58Z",
"published": "2022-05-14T03:49:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17901"
},
{
"type": "WEB",
"url": "https://www.zyxel.com/support/announcement_denial_of_service.shtml"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/145548/ZyXEL-P-660HW-TTL-Expiry-Denial-Of-Service.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX34-R39M-W274
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
{
"affected": [],
"aliases": [
"CVE-2011-1083"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-04-04T12:27:00Z",
"severity": "MODERATE"
},
"details": "The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.",
"id": "GHSA-vx34-r39m-w274",
"modified": "2022-05-13T01:23:50Z",
"published": "2022-05-13T01:23:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1083"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681578"
},
{
"type": "WEB",
"url": "http://article.gmane.org/gmane.linux.kernel/1105744"
},
{
"type": "WEB",
"url": "http://article.gmane.org/gmane.linux.kernel/1105888"
},
{
"type": "WEB",
"url": "http://article.gmane.org/gmane.linux.kernel/1106686"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/03/02/1"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/03/02/2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0862.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43522"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48115"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48410"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48898"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48964"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/71265"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VX3P-948G-6VHQ
Vulnerability from github – Published: 2021-03-19 21:24 – Updated: 2021-10-21 17:38npm ssri 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ssri"
},
"ranges": [
{
"events": [
{
"introduced": "5.2.2"
},
{
"fixed": "6.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "ssri"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "ssri"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.0"
]
}
],
"aliases": [
"CVE-2021-27290"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-15T18:24:30Z",
"nvd_published_at": "2021-03-12T22:15:00Z",
"severity": "HIGH"
},
"details": "npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.",
"id": "GHSA-vx3p-948g-6vhq",
"modified": "2021-10-21T17:38:11Z",
"published": "2021-03-19T21:24:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27290"
},
{
"type": "WEB",
"url": "https://github.com/npm/ssri/pull/20#issuecomment-842677644"
},
{
"type": "WEB",
"url": "https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2"
},
{
"type": "WEB",
"url": "https://github.com/npm/ssri/commit/809c84d09ea87c3857fa171d42914586899d4538"
},
{
"type": "WEB",
"url": "https://github.com/npm/ssri/commit/b30dfdb00bb94ddc49a25a85a18fb27afafdfbb1"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"type": "WEB",
"url": "https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf"
},
{
"type": "PACKAGE",
"url": "https://github.com/npm/ssri"
},
{
"type": "WEB",
"url": "https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf"
},
{
"type": "WEB",
"url": "https://npmjs.com"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/ssri"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Regular Expression Denial of Service (ReDoS)"
}
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation
Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.