Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5401 vulnerabilities reference this CWE, most recent first.

GHSA-XGWC-RMQJ-WXQR

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending a SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1672"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-08T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending a SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected.",
  "id": "GHSA-xgwc-rmqj-wxqr",
  "modified": "2022-05-13T01:31:27Z",
  "published": "2022-05-13T01:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1672"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-wsa-bypass"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106904"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XGXR-3384-47XM

Vulnerability from github – Published: 2023-06-15 21:30 – Updated: 2024-04-04 04:53
VLAI
Details

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2683"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-15T20:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nA memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.\n\n",
  "id": "GHSA-xgxr-3384-47xm",
  "modified": "2024-04-04T04:53:07Z",
  "published": "2023-06-15T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2683"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs"
    },
    {
      "type": "WEB",
      "url": "https://https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XH2H-CW6H-X9H5

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-02-27 21:31
VLAI
Details

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11478"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-19T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.",
  "id": "GHSA-xh2h-cw6h-x9h5",
  "modified": "2024-02-27T21:31:22Z",
  "published": "2022-05-24T16:48:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11478"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/905115"
    },
    {
      "type": "WEB",
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K26618426"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190625-0001"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Jul/30"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1699"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1602"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1594"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XH5M-8QQP-C5X7

Vulnerability from github – Published: 2023-10-10 21:23 – Updated: 2024-06-03 18:35
VLAI
Summary
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
Details

Impact

The MsQuic server application or process will crash, resulting in a denial of service.

Patches

The following patch was made:

  • Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343

Workarounds

Beyond upgrading to the patched versions, there is no other workaround. You must upgrade or disable MsQuic functionality.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.Native.Quic.MsQuic.Schannel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.Native.Quic.MsQuic.OpenSSL"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-38171"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-10T21:23:27Z",
    "nvd_published_at": "2023-10-10T18:15:18Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe MsQuic server application or process will crash, resulting in a denial of service.\n\n### Patches\nThe following patch was made:\n\n- Don\u0027t Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343\n\n### Workarounds\nBeyond upgrading to the patched versions, there is no other workaround. You must upgrade or disable MsQuic functionality.\n",
  "id": "GHSA-xh5m-8qqp-c5x7",
  "modified": "2024-06-03T18:35:09Z",
  "published": "2023-10-10T21:23:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38171"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/microsoft/msquic"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel"
}

GHSA-XH5R-95XW-9RQ3

Vulnerability from github – Published: 2025-12-08 18:30 – Updated: 2025-12-08 21:30
VLAI
Details

In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48584"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-08T17:16:15Z",
    "severity": "MODERATE"
  },
  "details": "In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-xh5r-95xw-9rq3",
  "modified": "2025-12-08T21:30:20Z",
  "published": "2025-12-08T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48584"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/08a0766708db2071d9b8b65abf40d7e8057daaa1"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2025-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XH69-987W-HRP8

Vulnerability from github – Published: 2025-07-15 14:37 – Updated: 2025-07-15 22:56
VLAI
Summary
resolv vulnerable to DoS via insufficient DNS domain name length validation
Details

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby.

Details

The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.

Affected Version

The vulnerability affects the resolv gem bundled with the following Ruby series: * Ruby 3.2 series: resolv version 0.2.2 and earlier * Ruby 3.3 series: resolv version 0.3.0 * Ruby 3.4 series: resolv version 0.6.1 and earlier

Credits

Thanks to Manu for discovering this issue.

History

Originally published at 2025-07-08 07:00:00 (UTC)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "resolv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "resolv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.4.0"
            },
            {
              "fixed": "0.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "resolv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.0"
            },
            {
              "fixed": "0.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-24294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-15T14:37:08Z",
    "nvd_published_at": "2025-07-12T04:15:46Z",
    "severity": "MODERATE"
  },
  "details": "A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby.\n\n## Details\nThe vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.\n\nAn attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting\nlength of the name.\n\nThis resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.\n\n## Affected Version\nThe vulnerability affects the resolv gem bundled with the following Ruby series:\n* Ruby 3.2 series: resolv version 0.2.2 and earlier\n* Ruby 3.3 series: resolv version 0.3.0\n* Ruby 3.4 series: resolv version 0.6.1 and earlier\n\n## Credits\nThanks to Manu for discovering this issue.\n\n## History\nOriginally published at 2025-07-08 07:00:00 (UTC)",
  "id": "GHSA-xh69-987w-hrp8",
  "modified": "2025-07-15T22:56:19Z",
  "published": "2025-07-15T14:37:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24294"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ruby/resolv/commit/4c2f71b5e80826506f78417d85b38481c058fb25"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ruby/resolv"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resolv/CVE-2025-24294.yml"
    },
    {
      "type": "WEB",
      "url": "https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "resolv vulnerable to DoS via insufficient DNS domain name length validation"
}

GHSA-XH69-9JX5-XGPH

Vulnerability from github – Published: 2025-02-11 18:31 – Updated: 2025-02-11 18:31
VLAI
Details

Windows Active Directory Domain Services API Denial of Service Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-11T18:15:34Z",
    "severity": "HIGH"
  },
  "details": "Windows Active Directory Domain Services API Denial of Service Vulnerability",
  "id": "GHSA-xh69-9jx5-xgph",
  "modified": "2025-02-11T18:31:38Z",
  "published": "2025-02-11T18:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21351"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21351"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XH7Q-HG94-4G3M

Vulnerability from github – Published: 2023-11-06 15:30 – Updated: 2023-11-06 15:30
VLAI
Details

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-06T13:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.",
  "id": "GHSA-xh7q-hg94-4g3m",
  "modified": "2023-11-06T15:30:31Z",
  "published": "2023-11-06T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3246"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2014157"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415371"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHG9-XWCH-VR7X

Vulnerability from github – Published: 2024-03-13 15:38 – Updated: 2024-03-13 15:38
VLAI
Summary
quiche vulnerable to unbounded storage of information related to connection ID retirement
Details

Impact

Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1. Endpoints declare the number of active connection IDs they are willing to support using the active_connection_id_limit transport parameter. The peer can create new IDs using a NEW_CONNECTION_ID frame but must stay within the active ID limit. This is done by retirement of old IDs, the endpoint sends NEW_CONNECTION_ID includes a value in the retire_prior_to field, which elicits a RETIRE_CONNECTION_ID frame as confirmation. An unauthenticated remote attacker can exploit the vulnerability by sending NEW_CONNECTION_ID frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that RETIRE_CONNECTION_ID frames can only be sent at a slower rate than they are received, leading to storage of information related to connection IDs in an unbounded queue.

Patches

Quiche versions 0.19.2 and 0.20.1 are the earliest to address this problem. There is no workaround for affected versions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "quiche"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.19.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "quiche"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.20.0"
            },
            {
              "fixed": "0.20.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-1410"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-13T15:38:21Z",
    "nvd_published_at": "2024-03-12T18:15:07Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nCloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see [RFC 9000 Section 5.1](https://datatracker.ietf.org/doc/html/rfc9000#section-5.1). Endpoints declare the number of active connection IDs they are willing to support using the active_connection_id_limit transport parameter. The peer can create new IDs using a NEW_CONNECTION_ID frame but must stay within the active ID limit. This is done by retirement of old IDs, the endpoint sends NEW_CONNECTION_ID includes a value in the retire_prior_to field, which elicits a RETIRE_CONNECTION_ID frame as confirmation. An unauthenticated remote attacker can exploit the vulnerability by sending NEW_CONNECTION_ID frames and manipulating the connection (e.g. by restricting the peer\u0027s congestion window size) so that RETIRE_CONNECTION_ID frames can only be sent at a slower rate than they are received, leading to storage of information related to connection IDs in an unbounded queue. \n\n### Patches\n\nQuiche versions 0.19.2 and 0.20.1 are the earliest to address this problem. There is no workaround for affected versions.",
  "id": "GHSA-xhg9-xwch-vr7x",
  "modified": "2024-03-13T15:38:21Z",
  "published": "2024-03-13T15:38:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-xhg9-xwch-vr7x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1410"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/quiche/commit/0c5733a84c41e9e178adc866b11ce59ac264f5af"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/quiche/commit/5be8143126f8cfa8a483d4a5ae475b9a46053fa1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/quiche/commit/7ab42af5f5e97f20f1d63b7ea2f9ab0536678c40"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/quiche/commit/a983998c4408605905ee9a6ab0fc00e68436ac67"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/quiche"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/quiche/releases/tag/0.19.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/quiche/releases/tag/0.20.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "quiche vulnerable to unbounded storage of information related to connection ID retirement"
}

GHSA-XHM5-VCJW-G9VF

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54
VLAI
Details

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-4049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-20T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.",
  "id": "GHSA-xhm5-vcjw-g9vf",
  "modified": "2022-05-24T16:54:07Z",
  "published": "2022-05-24T16:54:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4049"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870490"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.