CWE-770: Allocation of Resources Without Limits or Throttling
1,767 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-770 (page 3 of 36)
- CVE-2019-13074 | HIGH | CVSS 7.5 | EG 7.5 | 2019-07-03
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
- CVE-2019-13112 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-06-30
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.
- CVE-2019-13954 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-07-26
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicio…
- CVE-2019-13960 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-07-18
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which th…
- CVE-2019-14834 | LOW | CVSS 3.7 | EG 3.7 | 2020-01-07
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
- CVE-2019-14941 | HIGH | CVSS 7.5 | EG 7.5 | 2020-04-27
SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.
- CVE-2019-14958 | HIGH | CVSS 7.5 | EG 7.5 | 2019-10-02
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocati…
- CVE-2019-15165 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-10-03
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
- CVE-2019-15225 | HIGH | CVSS 7.5 | EG 7.5 | 2019-08-19
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory con…
- CVE-2019-15234 | HIGH | CVSS 7.5 | EG 7.5 | 2020-04-27
SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocati…
- CVE-2019-15544 | HIGH | CVSS 7.5 | EG 7.5 | 2019-08-26
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.
- CVE-2019-15593 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-11-22
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
- CVE-2019-15722 | HIGH | CVSS 7.5 | EG 7.5 | 2019-09-16
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.
- CVE-2019-15736 | HIGH | CVSS 7.5 | EG 7.5 | 2019-09-16
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
- CVE-2019-15753 | CRITICAL | CVSS 9.1 | EG 9.1 | 2019-08-28
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows …
- CVE-2019-1599 | HIGH | CVSS 8.6 | EG 8.6 | 2019-03-07
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and free…
- CVE-2019-1644 | HIGH | CVSS 7.5 | EG 7.5 | 2019-01-23
A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerabil…
- CVE-2019-16770 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-12-05
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads avai…
- CVE-2019-16865 | HIGH | CVSS 7.5 | EG 7.5 | 2019-10-04
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
- CVE-2019-16889 | HIGH | CVSS 7.5 | EG 7.5 | 2019-09-25
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fe…
- CVE-2019-1703 | HIGH | CVSS 8.6 | EG 8.6 | 2019-05-03
A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop proces…
- CVE-2019-17067 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-10-01
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.
- CVE-2019-17351 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-10-08
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest…
- CVE-2019-17359 | HIGH | CVSS 7.5 | EG 7.5 | 2019-10-08
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
- CVE-2019-1737 | HIGH | CVSS 8.6 | EG 8.6 | 2019-03-27
A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (Do…
- CVE-2019-17583 | HIGH | CVSS 7.5 | EG 7.5 | 2019-10-14
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.
- CVE-2019-1806 | HIGH | CVSS 7.7 | EG 7.7 | 2019-05-15
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authent…
- CVE-2019-1814 | HIGH | CVSS 8.6 | EG 8.6 | 2019-05-16
A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which i…
- CVE-2019-19958 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-12-24
In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.
- CVE-2019-20009 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-12-27
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
- CVE-2019-20012 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-12-27
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.
- CVE-2019-20013 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-12-27
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.
- CVE-2019-20015 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-12-27
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.
- CVE-2019-20019 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-12-27
An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17.
- CVE-2019-20814 | HIGH | CVSS 7.5 | EG 7.5 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
- CVE-2019-20818 | HIGH | CVSS 7.5 | EG 7.5 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.
- CVE-2019-20845 | HIGH | CVSS 7.5 | EG 7.5 | 2020-06-19
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.
- CVE-2019-20880 | HIGH | CVSS 7.5 | EG 7.5 | 2020-06-19
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
- CVE-2019-25220 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-18
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain h…
- CVE-2019-25342 | HIGH | CVSS 7.5 | EG 7.5 | 2026-02-12
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent request…
- CVE-2019-3553 | HIGH | CVSS 7.5 | EG 7.5 | 2020-03-10
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentiall…
- CVE-2019-3721 | HIGH | CVSS 7.5 | EG 7.5 | 2019-04-25
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the applicatio…
- CVE-2019-3882 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-04-24
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted owne…
- CVE-2019-4338 | HIGH | CVSS 7.5 | EG 7.5 | 2019-08-20
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Forc…
- CVE-2019-4720 | HIGH | CVSS 7.5 | EG 7.5 | 2020-01-31
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available me…
- CVE-2019-5031 | HIGH | CVSS 8.8 | EG 8.8 | 2019-10-02
An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly,…
- CVE-2019-5043 | HIGH | CVSS 7.5 | EG 7.5 | 2019-10-31
An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can co…
- CVE-2019-5419 | HIGH | CVSS 7.5 | EG 7.5 | 2019-03-27
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
- CVE-2019-5599 | HIGH | CVSS 7.5 | EG 7.5 | 2019-07-02
In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every pac…
- CVE-2019-5737 | HIGH | CVSS 7.5 | EG 7.5 | 2019-03-28
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers …