CWE-770

High likelihood

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,884 vulnerabilities with CWE-770
CVE-2022-0480 MEDIUM
Linux Kernel < 5.15 - Denial of Service via Unlimited POSIX File Lock Allocation
CVSS 5.5
CVE-2022-0084 HIGH
Red Hat Integration Camel K - Resource Allocation Without Limits
CVSS 7.5
CVE-2022-25888 HIGH
opcua < 0.11.0 - Denial of Service via Unlimited Chunk Reception
CVSS 7.5
CVE-2022-25761 HIGH
open62541 < 1.2.5 and 1.3-rc1-1.3.1 - Denial of Service via Unlimited Chunk Reception
CVSS 7.5
CVE-2022-25304 HIGH
asyncua and opcua - Denial of Service via Unlimited Chunk Reception
CVSS 7.5
CVE-2022-25231 HIGH
node-opcua < 2.74.0 - Denial of Service via Crafted OPC UA Message
CVSS 7.5
CVE-2022-24381 HIGH
asneg opc_ua_stack - Denial of Service via Unlimited Chunk Reception
CVSS 7.5
CVE-2022-24298 HIGH
freeopcua - Denial of Service via Multiple CloseSession Requests
CVSS 7.5
CVE-2022-36155 MEDIUM
tifig v0.2.2 - Resource Allocation Without Limits via operator new
CVSS 5.5
CVE-2022-36146 MEDIUM
swfmill < 0.3.6 - Denial of Service via Memory Allocation Issue
CVSS 5.5
CVE-2022-35111 MEDIUM
SWFTools - Stack Overflow via StackDepotNode Hash Function
CVSS 5.5
CVE-2022-35107 MEDIUM
SWFTools - Stack Overflow via vfprintf
CVSS 5.5
CVE-2022-35009 MEDIUM
PNGDec - Denial of Service via Memory Allocation Issue
CVSS 6.5
CVE-2022-38155 HIGH
Samsung mTower < 0.3.0 - Memory Corruption
CVSS 7.5
CVE-2022-36324 HIGH
Siemens SCALANCE Devices - Denial of Service via SSL/TLS Renegotiation
CVSS 7.5
CVE-2022-36124 HIGH
Apache Avro Rust SDK < 0.14.0 - Memory Corruption
CVSS 7.5
CVE-2022-35724 HIGH
Apache Avro < 0.14.0 - Denial of Service via Infinite Loop in Data Reader
CVSS 7.5
CVE-2022-31118 MEDIUM
Nextcloud < 22.2.8, < 23.0.5, < 24.0.1 - Info Disclosure
CVSS 6.5
CVE-2022-35505 HIGH
triplecross 0.1.0 - Denial of Service via Unbounded Command Output
CVSS 7.5
CVE-2022-35221 MEDIUM
Teamplus Pro < 3.011.6.0.1 - Denial of Service via Thread Subject Field
CVSS 5.4
CVE-2022-35220 HIGH
Teamplus Pro < 3.011.6.0.1 - Denial of Service via Large Thread Content
CVSS 7.7
CVE-2022-35219 MEDIUM
NHI Health Insurance Web Service Component - Denial of Service via Network Packet Key Parameter
CVSS 5.5
CVE-2022-35218 MEDIUM
NHI Health Insurance Web Service Component - Heap-Based Buffer Overflow via Packet Origin Parameter
CVSS 5.5
CVE-2022-35922 HIGH
Rust-WebSocket < 0.26.5 - Memory Corruption
CVSS 7.5
CVE-2022-35915 MEDIUM
OpenZeppelin Contracts < 4.7.2 - Info Disclosure
CVSS 5.3