CWE-770

Exploit likelihood: High

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,859 vulnerabilities with CWE-770
CVE-2025-54869 MEDIUM
FPDI < 2.6.3 - Denial of Service via Malicious PDF File
CVE-2025-8537 LOW
Bento4 < 1.6.0-641 - Uncontrolled Resource Consumption in AP4_DataBuffer::SetDataSize
CVSS 3.7
CVE-2025-48074 MEDIUM
OpenEXR 3.3.2 - Allocation of Resources Without Limits via Unvalidated DataWindow Size
CVSS 5.5
CVE-2025-54939 MEDIUM
LiteSpeed QUIC Library < 4.3.1 - Memory Leak in lsquic_engine_packet_in
CVSS 5.3
CVE-2025-2813 HIGH
Phoenix Contact AXL F BK and IL BK-PAC - Unauthenticated Denial of Service via HTTP Request Flood
CVSS 7.5
CVE-2025-54575 MEDIUM
SixLabors.ImageSharp < 2.1.11 and 3.0.0-3.1.10 - Denial of Service via Malformed GIF Comment Extension Block
CVSS 5.3
CVE-2025-54572 MEDIUM
ruby-saml < 1.18.1 - Denial of Service via Base64 Validation Bypass
CVE-2025-43211 MEDIUM
Safari < 18.6 - Denial of Service via Memory Handling Issue
CVSS 6.2
CVE-2025-5253 MEDIUM
Kron PAM < 3.7 - Denial of Service via HTTP Resource Exhaustion
CVSS 6.5
CVE-2025-53538 HIGH
Suricata < 7.0.10 and < 8.0.0-rc1 - Memory Corruption
CVSS 7.5
CVE-2025-54121 MEDIUM
Starlette < 0.47.2 - Denial of Service via Large File Upload
CVSS 5.3
CVE-2025-44652 HIGH
Netgear RAX30 V1.0.10.94_3 - Denial of Service via USERLIMIT_GLOBAL Misconfiguration
CVSS 7.5
CVE-2025-53032 MEDIUM
MySQL Server 9.0.0-9.1.0 - Denial of Service in Optimizer
CVSS 4.9
CVE-2025-29606 MEDIUM
py-libp2p < 0.2.3 - Denial of Service via Large RSA Key
CVSS 4.3
CVE-2025-53634 HIGH
ctfer-io chall-manager < 0.1.4 - Unauthenticated Denial of Service via Slow Loris Attack
CVSS 7.5
CVE-2025-53629 HIGH
cpp-httplib < 0.23.0 - Memory Corruption
CVSS 7.5
CVE-2025-53628 HIGH
cpp-httplib < 0.20.1 - Memory Corruption
CVSS 8.8
CVE-2025-53531 HIGH
WeGIA < 3.3.0 - Denial of Service via Excessively Long HTTP GET Request
CVSS 7.5
CVE-2025-53530 HIGH
WeGIA < 3.3.0 - Denial of Service via Excessively Long HTTP GET Request
CVSS 7.5
CVE-2025-48367 HIGH
Redis < 6.2.19 - Unauthenticated Denial of Service via IP Protocol Error Flood
CVSS 7.5
CVE-2025-7070 MEDIUM
IROAD Dashcam Q9 < 2025-06-24 - Resource Exhaustion via MFA Pairing Request Spam
CVSS 4.3
CVE-2025-3279 MEDIUM
GitLab 10.7-17.11.4, 18.0-18.0.2, 18.1 - Authenticated Denial of Service via Crafted GraphQL Requests
CVSS 6.5
CVE-2025-52889 LOW
Incus 6.12-6.13 - Resource Exhaustion via ACL Bypass in nftables Rules
CVSS 3.4
CVE-2025-2403 HIGH
Hitachi Energy Relion 670/650 and SAM600-IO - Denial of Service via Network Traffic Prioritization
CVSS 7.5
CVE-2025-52570 LOW
letmeind and letmeinfwd < 10.2.1 - Resource Exhaustion via Unlimited Simultaneous Connections