Description
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/pterodactyl/wings/security/advisories/GHSA-jj6m-r8jc-2gp7
Patch, Third Party Advisory x_refsource_misc
https://github.com/pterodactyl/wings/commit/e0078eee0a71d61573a94c75e6efcad069d78de3
Scores
CVSS v3
6.5
EPSS
0.0005
EPSS Percentile
16.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-770
CWE-400
Status
published
Products (2)
pterodactyl/wings
< 1.4.4
pterodactyl/wings
0 - 1.4.4Go
Published
Jun 22, 2021
Tracked Since
Feb 18, 2026