Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2012-05-24 CVE-2011-2906 Resource Exhaustion vulnerability in Linux Kernel
Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call.
local
low complexity
linux CWE-400
5.5
2012-05-17 CVE-2012-0879 Resource Exhaustion vulnerability in multiple products
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
local
low complexity
linux canonical debian suse CWE-400
5.5
2012-05-17 CVE-2012-0058 Resource Exhaustion vulnerability in Linux Kernel
The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management.
local
low complexity
linux CWE-400
5.5
2012-03-29 CVE-2012-0382 Resource Exhaustion vulnerability in Cisco IOS
The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857.
network
low complexity
cisco CWE-400
7.5
2011-10-22 CVE-2011-1640 Resource Exhaustion vulnerability in Cisco IOS
The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354.
network
low complexity
cisco CWE-400
7.5
2011-10-10 CVE-2011-2189 Resource Exhaustion vulnerability in multiple products
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
network
low complexity
linux redhat canonical debian CWE-400
7.5
2011-05-26 CVE-2010-4805 Resource Exhaustion vulnerability in multiple products
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field.
network
low complexity
linux redhat CWE-400
7.5
2011-05-26 CVE-2010-4251 Resource Exhaustion vulnerability in multiple products
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
network
low complexity
linux vmware redhat CWE-400
7.5
2009-10-22 CVE-2009-3621 Resource Exhaustion vulnerability in multiple products
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
5.5
2006-03-23 CVE-2006-1364 Resource Exhaustion vulnerability in Microsoft Asp.Net 1.0/1.1
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
network
low complexity
microsoft CWE-400
7.5