CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CVE-2023-28626 (GCVE-0-2023-28626)
Vulnerability from cvelistv5 – Published: 2023-03-28 20:14 – Updated: 2025-02-18 19:03
VLAI
Title
Quadratic runtime when parsing Markdown in comrak
Summary
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-047`
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
5 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kivikakk/comrak/security/advisories/GHSA-8hqf-xjwp-p67v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kivikakk/comrak/security/advisories/GHSA-8hqf-xjwp-p67v"
},
{
"name": "https://github.com/kivikakk/comrak/commit/ce795b7f471b01589f842dc09af38b025701178d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kivikakk/comrak/commit/ce795b7f471b01589f842dc09af38b025701178d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTWZWCT7KCX2KTXTLPUYZ3EHOONG4X46/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUYME2VA555X6567H7ORIJQFN4BVGT6N/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQ3UBC7LE4VPCMZBTADIBL353CH7CPVV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T19:02:57.336196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:03:27.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "comrak",
"vendor": "kivikakk",
"versions": [
{
"status": "affected",
"version": "\u003c 0.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-047`"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-29T04:06:11.652Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kivikakk/comrak/security/advisories/GHSA-8hqf-xjwp-p67v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kivikakk/comrak/security/advisories/GHSA-8hqf-xjwp-p67v"
},
{
"name": "https://github.com/kivikakk/comrak/commit/ce795b7f471b01589f842dc09af38b025701178d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kivikakk/comrak/commit/ce795b7f471b01589f842dc09af38b025701178d"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTWZWCT7KCX2KTXTLPUYZ3EHOONG4X46/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUYME2VA555X6567H7ORIJQFN4BVGT6N/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQ3UBC7LE4VPCMZBTADIBL353CH7CPVV/"
}
],
"source": {
"advisory": "GHSA-8hqf-xjwp-p67v",
"discovery": "UNKNOWN"
},
"title": "Quadratic runtime when parsing Markdown in comrak"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28626",
"datePublished": "2023-03-28T20:14:27.217Z",
"dateReserved": "2023-03-20T12:19:47.207Z",
"dateUpdated": "2025-02-18T19:03:27.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28644 (GCVE-0-2023-28644)
Vulnerability from cvelistv5 – Published: 2023-03-30 18:36 – Updated: 2025-02-11 18:51
VLAI
Title
Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server
Summary
Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/36016 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 25.0.0, < 25.0.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j"
},
{
"name": "https://github.com/nextcloud/server/pull/36016",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/pull/36016"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:51:15.946926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:51:19.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T18:36:27.380Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j"
},
{
"name": "https://github.com/nextcloud/server/pull/36016",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/36016"
}
],
"source": {
"advisory": "GHSA-9wmj-gp8v-477j",
"discovery": "UNKNOWN"
},
"title": "Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28644",
"datePublished": "2023-03-30T18:36:27.380Z",
"dateReserved": "2023-03-20T12:19:47.209Z",
"dateUpdated": "2025-02-11T18:51:19.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28763 (GCVE-0-2023-28763)
Vulnerability from cvelistv5 – Published: 2023-04-11 02:52 – Updated: 2025-02-07 16:54
VLAI
Title
Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform
Summary
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | NetWeaver AS for ABAP and ABAP Platform |
Affected:
740
Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 791 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3296378"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:54:10.286221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:54:13.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetWeaver AS for ABAP and ABAP Platform",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "791"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server\u0027s resources sufficiently to make it unavailable over the network without any user interaction.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server\u0027s resources sufficiently to make it unavailable over the network without any user interaction.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T20:18:52.577Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3296378"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-28763",
"datePublished": "2023-04-11T02:52:07.602Z",
"dateReserved": "2023-03-23T04:20:27.699Z",
"dateUpdated": "2025-02-07T16:54:13.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28837 (GCVE-0-2023-28837)
Vulnerability from cvelistv5 – Published: 2023-04-03 16:41 – Updated: 2025-02-11 14:37
VLAI
Title
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Summary
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service.
The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents.
Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code.
Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/wagtail/wagtail/security/advis… | x_refsource_CONFIRM |
| https://github.com/wagtail/wagtail/commit/3c0c646… | x_refsource_MISC |
| https://github.com/wagtail/wagtail/commit/c9d2fcd… | x_refsource_MISC |
| https://github.com/wagtail/wagtail/commit/cfa11bb… | x_refsource_MISC |
| https://github.com/wagtail/wagtail/commit/d402231… | x_refsource_MISC |
| https://docs.wagtail.org/en/stable/reference/sett… | x_refsource_MISC |
| https://github.com/wagtail/wagtail/releases/tag/v4.1.4 | x_refsource_MISC |
| https://github.com/wagtail/wagtail/releases/tag/v4.2.2 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9"
},
{
"name": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880"
},
{
"name": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165"
},
{
"name": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf"
},
{
"name": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a"
},
{
"name": "https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size"
},
{
"name": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4"
},
{
"name": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T14:36:47.846170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T14:37:06.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wagtail",
"vendor": "wagtail",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.4"
},
{
"status": "affected",
"version": "\u003e= 4.2, \u003c 4.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail\u0027s handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service.\n\nThe vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents.\n\nImage uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. \n\nPatched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T16:41:19.467Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9"
},
{
"name": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880"
},
{
"name": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165"
},
{
"name": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf"
},
{
"name": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a"
},
{
"name": "https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size"
},
{
"name": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4"
},
{
"name": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2"
}
],
"source": {
"advisory": "GHSA-33pv-vcgh-jfg9",
"discovery": "UNKNOWN"
},
"title": "Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28837",
"datePublished": "2023-04-03T16:41:19.467Z",
"dateReserved": "2023-03-24T16:25:34.465Z",
"dateUpdated": "2025-02-11T14:37:06.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28846 (GCVE-0-2023-28846)
Vulnerability from cvelistv5 – Published: 2023-03-30 19:57 – Updated: 2025-02-11 18:46
VLAI
Title
Denial of Service in unpoly-rails
Summary
Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the `unpoly-rails` gem that implements the Unpoly server protocol for Rails applications. This issues affects Rails applications that operate as an upstream of a load balancer's that uses passive health checks. The `unpoly-rails` gem echoes the request URL as an `X-Up-Location` response header. By making a request with exceedingly long URLs (paths or query string), an attacker can cause unpoly-rails to write a exceedingly large response header. If the response header is too large to be parsed by a load balancer downstream of the Rails application, it may cause the load balancer to remove the upstream from a load balancing group. This causes that application instance to become unavailable until a configured timeout is reached or until an active healthcheck succeeds. This issue has been fixed and released as version 2.7.2.2 which is available via RubyGems and GitHub. Users unable to upgrade may: Configure your load balancer to use active health checks, e.g. by periodically requesting a route with a known response that indicates healthiness; Configure your load balancer so the maximum size of response headers is at least twice the maximum size of a URL; or instead of changing your server configuration you may also configure your Rails application to delete redundant `X-Up-Location` headers set by unpoly-rails.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/unpoly/unpoly-rails/security/a… | x_refsource_CONFIRM |
| https://github.com/unpoly/unpoly-rails/commit/cd9… | x_refsource_MISC |
| https://docs.nginx.com/nginx/admin-guide/load-bal… | x_refsource_MISC |
| https://github.com/unpoly/unpoly-rails/ | x_refsource_MISC |
| https://makandracards.com/operations/537537-nginx… | x_refsource_MISC |
| https://tryhexadecimal.com/guides/http/414-reques… | x_refsource_MISC |
| https://unpoly.com/up.protocol | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unpoly | unpoly-rails |
Affected:
< 2.7.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/unpoly/unpoly-rails/security/advisories/GHSA-m875-3xf6-mf78",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/unpoly/unpoly-rails/security/advisories/GHSA-m875-3xf6-mf78"
},
{
"name": "https://github.com/unpoly/unpoly-rails/commit/cd9ad0007daceeb3b2354fdcab4f88350427bf16",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/unpoly/unpoly-rails/commit/cd9ad0007daceeb3b2354fdcab4f88350427bf16"
},
{
"name": "https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#passive-health-checks",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#passive-health-checks"
},
{
"name": "https://github.com/unpoly/unpoly-rails/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/unpoly/unpoly-rails/"
},
{
"name": "https://makandracards.com/operations/537537-nginx-proxy-buffer-tuning",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://makandracards.com/operations/537537-nginx-proxy-buffer-tuning"
},
{
"name": "https://tryhexadecimal.com/guides/http/414-request-uri-too-long",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tryhexadecimal.com/guides/http/414-request-uri-too-long"
},
{
"name": "https://unpoly.com/up.protocol",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unpoly.com/up.protocol"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:46:12.608525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:46:42.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "unpoly-rails",
"vendor": "unpoly",
"versions": [
{
"status": "affected",
"version": "\u003c 2.7.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the `unpoly-rails` gem that implements the Unpoly server protocol for Rails applications. This issues affects Rails applications that operate as an upstream of a load balancer\u0027s that uses passive health checks. The `unpoly-rails` gem echoes the request URL as an `X-Up-Location` response header. By making a request with exceedingly long URLs (paths or query string), an attacker can cause unpoly-rails to write a exceedingly large response header. If the response header is too large to be parsed by a load balancer downstream of the Rails application, it may cause the load balancer to remove the upstream from a load balancing group. This causes that application instance to become unavailable until a configured timeout is reached or until an active healthcheck succeeds. This issue has been fixed and released as version 2.7.2.2 which is available via RubyGems and GitHub. Users unable to upgrade may: Configure your load balancer to use active health checks, e.g. by periodically requesting a route with a known response that indicates healthiness; Configure your load balancer so the maximum size of response headers is at least twice the maximum size of a URL; or instead of changing your server configuration you may also configure your Rails application to delete redundant `X-Up-Location` headers set by unpoly-rails.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T19:57:38.767Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unpoly/unpoly-rails/security/advisories/GHSA-m875-3xf6-mf78",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unpoly/unpoly-rails/security/advisories/GHSA-m875-3xf6-mf78"
},
{
"name": "https://github.com/unpoly/unpoly-rails/commit/cd9ad0007daceeb3b2354fdcab4f88350427bf16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unpoly/unpoly-rails/commit/cd9ad0007daceeb3b2354fdcab4f88350427bf16"
},
{
"name": "https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#passive-health-checks",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#passive-health-checks"
},
{
"name": "https://github.com/unpoly/unpoly-rails/",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unpoly/unpoly-rails/"
},
{
"name": "https://makandracards.com/operations/537537-nginx-proxy-buffer-tuning",
"tags": [
"x_refsource_MISC"
],
"url": "https://makandracards.com/operations/537537-nginx-proxy-buffer-tuning"
},
{
"name": "https://tryhexadecimal.com/guides/http/414-request-uri-too-long",
"tags": [
"x_refsource_MISC"
],
"url": "https://tryhexadecimal.com/guides/http/414-request-uri-too-long"
},
{
"name": "https://unpoly.com/up.protocol",
"tags": [
"x_refsource_MISC"
],
"url": "https://unpoly.com/up.protocol"
}
],
"source": {
"advisory": "GHSA-m875-3xf6-mf78",
"discovery": "UNKNOWN"
},
"title": "Denial of Service in unpoly-rails"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28846",
"datePublished": "2023-03-30T19:57:38.767Z",
"dateReserved": "2023-03-24T16:25:34.466Z",
"dateUpdated": "2025-02-11T18:46:42.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28938 (GCVE-0-2023-28938)
Vulnerability from cvelistv5 – Published: 2023-08-11 02:36 – Updated: 2024-10-02 14:28
VLAI
Summary
Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- denial of service
- CWE-400 - Uncontrolled resource consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) SSD Tools software |
Affected:
before version mdadm-4.2-rc2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:23:37.405669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T14:28:25.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) SSD Tools software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version mdadm-4.2-rc2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-400",
"description": "Uncontrolled resource consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T02:36:51.770Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28938",
"datePublished": "2023-08-11T02:36:51.770Z",
"dateReserved": "2023-04-01T03:00:04.544Z",
"dateUpdated": "2024-10-02T14:28:25.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29013 (GCVE-0-2023-29013)
Vulnerability from cvelistv5 – Published: 2023-04-14 18:15 – Updated: 2025-02-13 16:48
VLAI
Title
HTTP header parsing could cause a deny of service
Summary
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advis… | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/commit/4ed3964… | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v… | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v2.9.10 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2023051… |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92"
},
{
"name": "https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.9.10",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230517-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T18:53:48.222300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T18:56:43.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "traefik",
"vendor": "traefik",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.10"
},
{
"status": "affected",
"version": "= 2.10.0-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T19:06:19.844Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92"
},
{
"name": "https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.9.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.9.10"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230517-0008/"
}
],
"source": {
"advisory": "GHSA-7hj9-rv74-5g92",
"discovery": "UNKNOWN"
},
"title": "HTTP header parsing could cause a deny of service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29013",
"datePublished": "2023-04-14T18:15:12.622Z",
"dateReserved": "2023-03-29T17:39:16.143Z",
"dateUpdated": "2025-02-13T16:48:58.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29046 (GCVE-0-2023-29046)
Vulnerability from cvelistv5 – Published: 2023-11-02 13:01 – Updated: 2024-08-02 14:00
VLAI
Summary
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.
Severity
4.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://software.open-xchange.com/products/appsui… | release-notes |
| https://documentation.open-xchange.com/appsuite/s… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OX Software GmbH | OX App Suite |
Affected:
0 , ≤ 7.10.6-rev48
(semver)
Affected: 0 , ≤ 8.11 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"backend"
],
"product": "OX App Suite",
"vendor": "OX Software GmbH",
"versions": [
{
"lessThanOrEqual": "7.10.6-rev48",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eConnections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.\u003c/p\u003e"
}
],
"value": "Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T07:08:22.530Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json"
}
],
"source": {
"defect": [
"MWB-1982"
],
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2023-29046",
"datePublished": "2023-11-02T13:01:39.521Z",
"dateReserved": "2023-03-30T09:34:25.188Z",
"dateUpdated": "2024-08-02T14:00:14.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29153 (GCVE-0-2023-29153)
Vulnerability from cvelistv5 – Published: 2024-02-14 13:38 – Updated: 2025-02-13 16:49
VLAI
Summary
Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- denial of service
- CWE-400 - Uncontrolled resource consumption
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) SPS firmware |
Affected:
before version SPS_E5_06.01.04.002.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T19:13:53.070528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:26.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01003.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01003.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) SPS firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version SPS_E5_06.01.04.002.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-400",
"description": "Uncontrolled resource consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T19:06:06.059Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01003.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01003.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240322-0005/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-29153",
"datePublished": "2024-02-14T13:38:17.590Z",
"dateReserved": "2023-08-02T03:00:04.619Z",
"dateUpdated": "2025-02-13T16:49:00.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29185 (GCVE-0-2023-29185)
Vulnerability from cvelistv5 – Published: 2023-04-11 03:08 – Updated: 2025-02-07 17:12
VLAI
Title
Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)
Summary
SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | NetWeaver AS for ABAP (Business Server Pages) |
Affected:
700
Affected: 701 Affected: 702 Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3303060"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T17:12:25.143854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:12:28.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetWeaver AS for ABAP (Business Server Pages)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server\u0027s resources sufficiently to make it unavailable over the network without any user interaction.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server\u0027s resources sufficiently to make it unavailable over the network without any user interaction.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T20:17:17.240Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3303060"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-29185",
"datePublished": "2023-04-11T03:08:03.125Z",
"dateReserved": "2023-04-03T09:22:43.157Z",
"dateUpdated": "2025-02-07T17:12:28.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
Phase: Architecture and Design
Description:
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that protocols have specific limits of scale placed on them.
Mitigation
Phase: Implementation
Description:
- Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.