Lucene search
K

17 matches found

Snyk
Snyk
added 2026/06/15 4:34 p.m.6 views

Asymmetric Resource Consumption (Amplification)

Overview org.webjars.npm:ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification when handling a large number of very small fragments and data chunks. An attacker can cause excessive...

8.7CVSS5.9AI score0.00782EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/29 7:55 p.m.7 views

Asymmetric Resource Consumption (Amplification)

Overview Nerdbank.MessagePack is an A modern, fast and NativeAOT-compatible MessagePack serialization library Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification in the deserialization of collection-shaped types, where the element count from MessagePa...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 4:18 p.m.13 views

Asymmetric Resource Consumption (Amplification)

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the handling of authenticated user requests. An attacker can exhaust CPU resources and cause service...

7.1CVSS5.8AI score0.00128EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/19 8:2 p.m.11 views

Security Bulletin: IBM Storage Ceph is vulnerable to Asymmetric Resource Consumption in Golang Go (CVE-2025-30204)

Summary Golang Go is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2025-30204 Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function...

7.5CVSS6.5AI score0.00693EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:26 a.m.8 views

CVE-2024-31883

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615...

5.9CVSS6.6AI score0.00588EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/21 10:4 p.m.6 views

Asymmetric Resource Consumption (Amplification)

Overview Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the parse.ParseUnverified function. An attacker can cause excessive memory allocation by sending a crafted request with many period characters in the Authorization header. Remediatio...

8.7CVSS6.8AI score0.00693EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/02/12 12:0 a.m.8 views

The vulnerability of the DNS BIND server, related to asymmetric resource consumption, allows attackers to cause service failures.

The vulnerability of the DNS BIND server is related to asymmetric resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...

7.8CVSS6.4AI score0.14614EPSS
Exploits0References16Affected Software11
BDU FSTEC
BDU FSTEC
added 2024/10/04 12:0 a.m.6 views

The vulnerability of the C++ Botan cryptographic library, related to asymmetric resource consumption, allows a hacker to induce a service failure.

The vulnerability of the C++ Botan cryptographic library is related to asymmetric resource consumption due to an excessive number of names in the subjectAlternativeName field during the processing of X.509 certificates. Exploiting this vulnerability can allow a remote attacker to cause service...

5.3CVSS5.9AI score0.00845EPSS
Exploits0References18Affected Software5
RedhatCVE
RedhatCVE
added 2024/08/29 2:58 p.m.40 views

CVE-2024-41996

A vulnerability was found in the Diffie-Hellman Ephemeral DHE Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular...

5.9CVSS7.4AI score0.01083EPSS
Exploits0References8
NVD
NVD
added 2024/08/26 6:15 a.m.18 views

CVE-2024-41996

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...

7.5CVSS0.01083EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/08/26 12:0 a.m.47 views

CVE-2024-41996

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...

0.01083EPSS
Exploits0References3
OSV
OSV
added 2024/08/21 3:29 p.m.15 views

GO-2022-0919 Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings in github.com/pterodactyl/wings

Asymmetric Resource Consumption Amplification in Docker containers created by Wings in github.com/pterodactyl/wings...

6.5CVSS6.4AI score0.00267EPSS
Exploits0References3
NVD
NVD
added 2024/06/27 4:15 p.m.20 views

CVE-2024-31883

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615...

5.9CVSS0.00588EPSS
Exploits0References2
OSV
OSV
added 2024/06/27 4:15 p.m.3 views

CVE-2024-31883

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615...

5.9CVSS5.8AI score0.00588EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/27 3:50 p.m.28 views

CVE-2024-31883 IBM Security Verify Access denial of service

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615...

5.3CVSS0.00588EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.5 views

PT-2024-24266 · Ibm · Ibm Security Verify Access

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access versions 10.0.0.0 through 10.0.7.1 Description: The issue allows an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption under certain configurations. Recommendations: For...

5.9CVSS6.9AI score0.00588EPSS
Exploits0References6
Veracode
Veracode
added 2024/03/26 8:39 p.m.38 views

Asymmetric Resource Consumption

python is vulnerable to Asymmetric Resource Consumption. This vulnerability is due to an issue in the zip format, allowing for the creation of zip-bombs with a high compression ratio...

6.2CVSS7AI score0.00333EPSS
Exploits0References17Affected Software5
Rows per page
Query Builder