Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-405

CWE-405

Asymmetric Resource Consumption (Amplification)

Parent: CWE-400 - Uncontrolled Resource Consumption

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

43 vulnerabilities with CWE-405

CVE-2025-25186 MEDIUM

Net::IMAP 0.3.2-0.3.7, 0.4.0-0.4.18, 0.5.0-0.5.5 - Denial of Service via Memory Exhaustion in Response Parser

CVE-2025-24356 HIGH

fastd < 23.0 - Unauthenticated UDP Amplification via Spoofed Source Address

CVE-2024-11187 HIGH

BIND 9 Asymmetric Resource Consumption via Crafted Zone Queries

CVE-2024-55628 HIGH

Suricata < 7.0.8 - Denial of Service via DNS Resource Name Compression

CVE-2024-56200 HIGH

Altair < v12.24Q4.1 - Unauthenticated Denial of Service via Image Proxy

CVE-2024-49363 HIGH

Misskey <= 2024.10.1 - Unauthenticated Denial of Service via Proxy Loop Amplification

CVE-2024-45590 HIGH

body-parser < 1.20.3 - Denial of Service via URL Encoding

CVE-2024-40705 MEDIUM

IBM InfoSphere Information Server - Info Disclosure

CVE-2024-34702 MEDIUM

Botan <3.5.0-2.19.5 - Info Disclosure

CVE-2024-39743 MEDIUM

IBM MQ Operator 2.0.0-2.0.23 and 3.2.2 - Denial of Service via Memory De-allocation

CVE-2024-34703 HIGH

Botan < 2.19.4 and 3.0.0-alpha0-3.3.0 - Asymmetric Resource Consumption via Explicit Elliptic Curve Parameter Parsing

CVE-2024-0450 MEDIUM

CPython Zip Bomb Asymmetric Resource Consumption

CVE-2024-28214 LOW

nGrinder < 3.5.9 - Denial of Service via Unlimited Delay Setting

CVE-2023-2992 HIGH

Lenovo NextScale N1200 Enclosure Firmware < fhet60b-3.40 - Unauthenticated Denial of Service

CVE-2021-38447 HIGH

OpenDDS < 3.18.1 - Denial of Service via Crafted Packet Flood

CVE-2021-21359 MEDIUM

TYPO3 <9.5.25, 10.4.14, 11.1.1 - DoS

CVE-2019-11479 HIGH

Linux Kernel 4.4-4.4.182 - Denial of Service via TCP MSS Fragmentation

CVE-2018-15492 HIGH

Sentinel License Manager <8.5.3.35 - DoS

Previous Page 2 of 2

Details

Vulnerabilities 43

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy