7 matches found
GO-2026-4406 apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams in chainguard.dev/apko
apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams in chainguard.dev/apko...
CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...
CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...
CVE-2024-52581 Litestar allows unbounded resource consumption (DoS vulnerability)
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to...
CVE-2023-34109 User input results in Unbounded resource consumption in @zxcvbn-ts/core
zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...
Denial Of Service (DoS)
openzeppelin is vulnerable to denial of service DoS attacks. A malicious user is able to use a target contract of an EIP-165 supportsInterface query to cause unbounded resource consumption by returning a lot of data, causing the application to crash...
Design/Logic Flaw
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could...