Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2017-01-13 CVE-2016-7427 Resource Exhaustion vulnerability in NTP 4.2.8
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
low complexity
ntp CWE-400
4.3
2017-01-13 CVE-2016-7426 Resource Exhaustion vulnerability in multiple products
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
network
low complexity
ntp canonical redhat hpe CWE-400
7.5
2017-01-12 CVE-2017-5351 Resource Exhaustion vulnerability in Samsung Mobile
Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads.
network
low complexity
samsung CWE-400
7.5
2017-01-10 CVE-2016-6831 Resource Exhaustion vulnerability in Call-Cc Chicken
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak.
network
low complexity
call-cc CWE-400
7.5
2016-12-28 CVE-2016-9685 Resource Exhaustion vulnerability in Linux Kernel
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.
local
low complexity
linux CWE-400
5.5
2016-12-28 CVE-2016-6213 Resource Exhaustion vulnerability in Linux Kernel
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
local
high complexity
linux CWE-400
4.7
2016-10-16 CVE-2016-8666 Resource Exhaustion vulnerability in Linux Kernel
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
network
low complexity
linux CWE-400
7.5
2016-09-26 CVE-2016-6307 Resource Exhaustion vulnerability in Openssl 1.1.0
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.
network
high complexity
openssl CWE-400
5.9
2016-09-26 CVE-2016-6172 Resource Exhaustion vulnerability in multiple products
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
network
high complexity
opensuse powerdns CWE-400
6.8
2016-08-02 CVE-2016-5403 Resource Exhaustion vulnerability in multiple products
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
local
low complexity
canonical oracle qemu debian redhat CWE-400
5.5