CWE-400— Uncontrolled Resource Consumption (Denial of Service)
3,206 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-400page 1 of 65
- CVE-1999-0159LOWCVSS 3.5EG 3.51998-08-12
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.
- CVE-2001-0666NONECVSS 0.0EG 0.02001-10-30
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
- CVE-2001-0827HIGHCVSS 7.5EG 7.52001-12-06
Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.
- CVE-2002-0368NONECVSS 0.0EG 0.02002-06-18
The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust…
- CVE-2002-1873NONECVSS 0.0EG 0.02002-12-31
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
- CVE-2002-1876NONECVSS 0.0EG 0.02002-12-31
Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
- CVE-2002-20001HIGHCVSS 7.5EG 7.52021-11-11
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at …
- CVE-2003-0714NONECVSS 0.0EG 0.02003-11-17
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly tr…
- CVE-2004-1201NONECVSS 0.0EG 0.02005-01-10
Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
- CVE-2004-1464MEDIUMCVSS 5.9EG 9.0⚠ KEV2004-12-31
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
- CVE-2005-0738NONECVSS 0.0EG 0.02005-05-02
Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service …
- CVE-2005-1260NONECVSS 0.0EG 0.02005-05-19
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
- CVE-2005-2309NONECVSS 0.0EG 0.02005-07-19
Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg.
- CVE-2006-1364HIGHCVSS 7.5EG 7.52006-03-23
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repea…
- CVE-2006-5648MEDIUMCVSS 5.5EG 5.52006-12-14
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed.
- CVE-2006-5649MEDIUMCVSS 5.5EG 5.52006-12-14
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.
- CVE-2006-5708HIGHCVSS 7.5EG 7.52006-11-04
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.
- CVE-2006-6017MEDIUMCVSS 6.5EG 6.52006-11-21
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1)…
- CVE-2006-6025HIGHCVSS 7.5EG 7.52006-11-21
QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third par…
- CVE-2006-7229HIGHCVSS 7.5EG 7.52007-11-15
The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.
- CVE-2007-0086NONECVSS 0.0EG 0.02007-01-05
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fra…
- CVE-2007-1377NONECVSS 0.0EG 0.02007-03-10
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with sear…
- CVE-2007-20001HIGHCVSS 7.5EG 7.52022-02-06
A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 …
- CVE-2007-2650NONECVSS 0.0EG 0.02007-05-14
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop…
- CVE-2007-4725NONECVSS 0.0EG 0.02007-09-05
Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading …
- CVE-2008-0132NONECVSS 0.0EG 0.02008-01-08
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remo…
- CVE-2008-3534NONECVSS 0.0EG 0.02008-08-08
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite opera…
- CVE-2008-4077NONECVSS 0.0EG 0.02008-09-15
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
- CVE-2008-7314HIGHCVSS 7.5EG 7.52020-01-23
mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.
- CVE-2009-0033NONECVSS 0.0EG 0.02009-06-05
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted req…
- CVE-2009-1890NONECVSS 0.0EG 0.02009-07-05
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length valu…
- CVE-2009-1891NONECVSS 0.0EG 0.02009-07-10
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
- CVE-2009-2521NONECVSS 0.0EG 0.02009-09-04
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildc…
- CVE-2009-2541HIGHCVSS 7.5EG 7.52009-07-20
The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-16…
- CVE-2009-3267NONECVSS 0.0EG 0.02009-09-18
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-18…
- CVE-2009-3270NONECVSS 0.0EG 0.02009-09-18
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-…
- CVE-2009-3621MEDIUMCVSS 5.5EG 5.52009-10-22
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then …
- CVE-2009-3791HIGHCVSS 7.5EG 7.52009-12-21
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors.
- CVE-2010-0205NONECVSS 0.0EG 0.02010-03-03
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representa…
- CVE-2010-3698NONECVSS 0.0EG 0.02010-11-26
The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modif…
- CVE-2010-3705NONECVSS 0.0EG 0.02010-11-26
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and pani…
- CVE-2010-3858NONECVSS 0.0EG 0.02010-11-30
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on …
- CVE-2010-4243NONECVSS 0.0EG 0.02011-01-22
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumptio…
- CVE-2010-4249NONECVSS 0.0EG 0.02010-11-29
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (syste…
- CVE-2010-4251HIGHCVSS 7.5EG 7.52011-05-26
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amoun…
- CVE-2010-4668NONECVSS 0.0EG 0.02011-01-03
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map…
- CVE-2010-4671NONECVSS 0.0EG 0.02011-01-07
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages …
- CVE-2010-4686NONECVSS 0.0EG 0.02011-01-07
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by…
- CVE-2010-4805HIGHCVSS 7.5EG 7.52011-05-26
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic,…
- CVE-2010-5107HIGHCVSS 7.5EG 0.02013-03-07
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion)…
Map vulnerabilities like CWE-400 to your infrastructure
EchelonGraph correlates every CVE — across CWE-400 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →