17 matches found
Asymmetric Resource Consumption (Amplification)
Overview org.webjars.npm:ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification when handling a large number of very small fragments and data chunks. An attacker can cause excessive...
Asymmetric Resource Consumption (Amplification)
Overview Nerdbank.MessagePack is an A modern, fast and NativeAOT-compatible MessagePack serialization library Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification in the deserialization of collection-shaped types, where the element count from MessagePa...
Asymmetric Resource Consumption (Amplification)
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the handling of authenticated user requests. An attacker can exhaust CPU resources and cause service...
Security Bulletin: IBM Storage Ceph is vulnerable to Asymmetric Resource Consumption in Golang Go (CVE-2025-30204)
Summary Golang Go is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2025-30204 Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function...
CVE-2024-31883
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615...
Asymmetric Resource Consumption (Amplification)
Overview Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the parse.ParseUnverified function. An attacker can cause excessive memory allocation by sending a crafted request with many period characters in the Authorization header. Remediatio...
The vulnerability of the DNS BIND server, related to asymmetric resource consumption, allows attackers to cause service failures.
The vulnerability of the DNS BIND server is related to asymmetric resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...
The vulnerability of the C++ Botan cryptographic library, related to asymmetric resource consumption, allows a hacker to induce a service failure.
The vulnerability of the C++ Botan cryptographic library is related to asymmetric resource consumption due to an excessive number of names in the subjectAlternativeName field during the processing of X.509 certificates. Exploiting this vulnerability can allow a remote attacker to cause service...
CVE-2024-41996
A vulnerability was found in the Diffie-Hellman Ephemeral DHE Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular...
CVE-2024-41996
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...
CVE-2024-41996
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...
GO-2022-0919 Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings in github.com/pterodactyl/wings
Asymmetric Resource Consumption Amplification in Docker containers created by Wings in github.com/pterodactyl/wings...
CVE-2024-31883
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615...
CVE-2024-31883
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615...
CVE-2024-31883 IBM Security Verify Access denial of service
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615...
PT-2024-24266 · Ibm · Ibm Security Verify Access
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access versions 10.0.0.0 through 10.0.7.1 Description: The issue allows an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption under certain configurations. Recommendations: For...
Asymmetric Resource Consumption
python is vulnerable to Asymmetric Resource Consumption. This vulnerability is due to an issue in the zip format, allowing for the creation of zip-bombs with a high compression ratio...