CVE-2024-36462 Allocation of resources without limits or throttling (uncontrolled resource consumption)

2024-08-0909:40:33

CWE-770

Zabbix

www.cve.org

cve-2024-36462

resource consumption

dos attack

performance degradation

uncontrolled allocation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.5%

JSON

Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Server"
    ],
    "product": "Zabbix",
    "repo": "https://git.zabbix.com/",
    "vendor": "Zabbix",
    "versions": [
      {
        "changes": [
          {
            "at": "7.0.0rc3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "7.0.0rc2",
        "status": "affected",
        "version": "7.0.0alpha1",
        "versionType": "git"
      }
    ]
  }
]