Vulnerabilities > Allocation of Resources Without Limits or Throttling

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2021-22532 Allocation of Resources Without Limits or Throttling vulnerability in Microfocus Edirectory
Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000.
network
low complexity
microfocus CWE-770
7.5
2024-09-11 CVE-2024-45012 Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup, when the iommu is enabled: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30 Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019 RIP: 0010:sg_init_one+0x85/0xa0 Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54 24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b 0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00 RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000 RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000 R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508 R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018 FS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0 Call Trace: <TASK> ? die+0x36/0x90 ? do_trap+0xdd/0x100 ? sg_init_one+0x85/0xa0 ? do_error_trap+0x65/0x80 ? sg_init_one+0x85/0xa0 ? exc_invalid_op+0x50/0x70 ? sg_init_one+0x85/0xa0 ? asm_exc_invalid_op+0x1a/0x20 ? sg_init_one+0x85/0xa0 nvkm_firmware_ctor+0x14a/0x250 [nouveau] nvkm_falcon_fw_ctor+0x42/0x70 [nouveau] ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau] r535_gsp_oneinit+0xb3/0x15f0 [nouveau] ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? nvkm_udevice_new+0x95/0x140 [nouveau] ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? ktime_get+0x47/0xb0 Fix this by using the non-coherent allocator instead, I think there might be a better answer to this, but it involve ripping up some of APIs using sg lists.
local
low complexity
linux CWE-770
5.5
2024-09-11 CVE-2024-45014 Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: s390/boot: Avoid possible physmem_info segment corruption When physical memory for the kernel image is allocated it does not consider extra memory required for offsetting the image start to match it with the lower 20 bits of KASLR virtual base address.
local
low complexity
linux CWE-770
5.5
2024-09-10 CVE-2024-7734 Allocation of Resources Without Limits or Throttling vulnerability in Phoenixcontact products
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service.
network
low complexity
phoenixcontact CWE-770
5.3
2024-09-07 CVE-2024-40680 Allocation of Resources Without Limits or Throttling vulnerability in IBM MQ Operator 2.0.26/3.2.4
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
local
low complexity
ibm CWE-770
5.5
2024-09-04 CVE-2024-8391 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Vert.X
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).  This is fixed in the 4.5.10 version.  Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)
network
low complexity
eclipse CWE-770
7.5
2024-08-30 CVE-2024-21658 Allocation of Resources Without Limits or Throttling vulnerability in Discourse Calendar 1.0.0/1.0.1
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic.
network
low complexity
discourse CWE-770
4.3
2024-08-27 CVE-2024-43783 Allocation of Resources Without Limits or Throttling vulnerability in Apollographql products
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2.
network
low complexity
apollographql CWE-770
7.5
2024-08-27 CVE-2024-41175 Allocation of Resources Without Limits or Throttling vulnerability in Beckhoff IPC Diagnostics Package and Twincat/Bsd
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker.
local
low complexity
beckhoff CWE-770
5.5
2024-08-19 CVE-2024-44083 Allocation of Resources Without Limits or Throttling vulnerability in Hex-Rays IDA PRO
ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked.
network
low complexity
hex-rays CWE-770
7.5