CWE-400: Resource Exhaustion
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, leading to exhaustion.
All Resource Exhaustion CVEs (691)
This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursively spawning child processes to exhaust system reso...
Oct 20, 2025
This is a critical memory handling vulnerability in macOS that allows an application to cause a system crash (kernel panic). All macOS systems running...
Mar 31, 2025
A type confusion vulnerability in macOS allows attackers to cause unexpected application termination (denial of service). This affects macOS Ventura, ...
Mar 31, 2025
A memory corruption vulnerability in Apple's video processing components allows attackers to cause unexpected app termination or corrupt process memor...
Mar 31, 2025
This is a critical memory corruption vulnerability in Apple's video processing components across multiple operating systems. Processing a maliciously ...
Mar 31, 2025
UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper input validation, deserialization, and buffer restr...
Aug 22, 2024
This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array bounds checking fails due to uninitialized counter ...
Jun 25, 2024
This CVE describes a memory corruption vulnerability in the Linux kernel's WCD938x audio codec driver. An attacker could exploit this to cause kernel ...
Jun 20, 2024
This vulnerability in the STRIMZI Project's Kafka Connect REST API allows attackers to bypass access controls, potentially denying Kafka Mirroring ser...
Jun 17, 2024
The DP module in HarmonyOS has a service hijacking vulnerability that allows attackers to intercept or manipulate Super Device services. This affects ...
Sep 25, 2023
This vulnerability in Rocket Software UniData and UniVerse allows remote attackers to cause denial of service by exhausting system memory through a de...
Mar 29, 2023
This vulnerability in StarWind iSCSI target allows attackers to cause denial of service by repeatedly attempting connections to non-existent targets, ...
Feb 6, 2022
A stack-based buffer overflow vulnerability in Rockwell Automation CompactLogix and Compact GuardLogix controllers allows attackers to send crafted HT...
May 1, 2019
This vulnerability allows attackers to exploit active user sessions to send malicious requests that cause denial-of-service conditions on affected dev...
Dec 20, 2023
This vulnerability in Python's HTTP client libraries allows a malicious server to cause denial-of-service by forcing clients to read excessively large...
Dec 1, 2025
DiscordNotifications MediaWiki extension versions before commit 1f20d850cbcce5b15951c7c6127b87b927a5415e contain a Server-Side Request Forgery (SSRF) ...
Jul 10, 2025
This vulnerability in Oracle Hospitality OPERA 5 allows unauthenticated attackers with network access via HTTP to access sensitive data or cause denia...
Jan 21, 2025
This vulnerability in Mirai botnet command and control servers allows unauthenticated attackers to establish persistent TCP connections, causing resou...
Aug 22, 2024
PrivX versions before 34.0 contain an improper input validation vulnerability in the REST API that allows attackers to exfiltrate data and cause denia...
Aug 6, 2024
This vulnerability in gaizhenbiao/chuanhuchatgpt allows any user to restart the server by sending a specific request to the /queue/join? endpoint with...
Jul 10, 2024
This vulnerability allows attackers to craft malicious consensus messages and send them to individual nodes in peer-to-peer networks, potentially taki...
Apr 17, 2023
CVE-2021-4440 is a Linux kernel vulnerability affecting Xen PV guests where the USERGS_SYSRET64 paravirt call was incorrectly optimized, preventi...
Jun 25, 2024
A path traversal vulnerability in fastify-static module allows attackers to redirect Firefox users to arbitrary websites via crafted URLs containing d...
Oct 14, 2021
A vulnerability in Cisco IOS XE Software's DHCP snooping feature allows unauthenticated remote attackers to cause a denial of service by sending DHCP ...
May 7, 2025
This vulnerability in Altair (a Misskey fork) allows unauthenticated attackers to abuse the image proxy feature to cause denial of service. Attackers ...
Dec 19, 2024
This vulnerability allows an unauthenticated remote attacker to send a high rate of TCP connections to the Cisco BroadWorks Network Server, exhausting...
Nov 15, 2024
A vulnerability in Cisco Firepower Threat Defense (FTD) and FirePOWER Services allows unauthenticated remote attackers to cause denial of service by s...
Oct 23, 2024
This vulnerability in Cisco NX-OS Software allows unauthenticated remote attackers to cause denial of service by flooding eBGP traffic, which can drop...
Feb 29, 2024
Discourse's message serializer mishandles expanded chat mentions (@all and @here), creating excessively large user arrays that can cause denial of ser...
Jan 12, 2024
An unauthenticated remote attacker can send crafted HTTP requests to a specific API endpoint in Cisco Unified Communications products, causing high CP...
Oct 4, 2023
CVE-2023-43646 is a regular expression denial of service (ReDoS) vulnerability in the get-func-name npm module. It allows attackers to cause denial of...
Sep 27, 2023
This vulnerability allows unauthenticated remote attackers to cause a denial of service (DoS) by overwhelming Cisco ASA and FTD devices with excessive...
Oct 27, 2021
CVE-2021-41145 is a denial-of-service vulnerability in FreeSWITCH where flooding the system with SIP messages causes memory exhaustion and crashes. Th...
Oct 25, 2021
A race condition vulnerability in the Linux kernel's block cgroup subsystem allows list corruption when WRITE operations to ->lqueued are reordered wi...
Jun 24, 2024
This CVE describes a memory leak vulnerability in the Linux kernel's cpufreq CPPC driver. When the cpufreq policy initialization fails, allocated reso...
May 21, 2024
A missing bounds check in the bcachefs filesystem superblock validation in the Linux kernel allows journal entries to overrun the clean section bounda...
May 20, 2024
This vulnerability in Intel HAXM software allows local attackers to cause resource exhaustion, potentially leading to privilege escalation. It affects...
Nov 17, 2021
This vulnerability allows attackers to cause denial of service through uncontrolled resource consumption in Progress MOVEit Transfer's AS2 module. It ...
Oct 29, 2025
A race condition vulnerability in the Marvell Prestera network driver in the Linux kernel can cause a kernel crash when handling port events during in...
Feb 28, 2024
This vulnerability in ASP.NET Core allows attackers to cause denial of service by sending specially crafted requests that consume excessive resources....
Nov 14, 2023
A buffer overflow vulnerability in Control de Ciber version 1.650 allows attackers to execute arbitrary code by sending specially crafted print reques...
Sep 12, 2023
This vulnerability in Samsung Exynos processors and modems allows attackers to exploit incorrect LTE NAS message authorization, forcing devices to dow...
Jul 9, 2024
This CVE describes a use-after-free vulnerability in the Linux kernel's ENETC driver where temporary stack memory is incorrectly referenced for IRQ af...
May 21, 2024
CVE-2023-46136 is a denial-of-service vulnerability in Werkzeug's multipart data parser. Attackers can send specially crafted file uploads that cause ...
Oct 25, 2023
CVE-2021-38465 is a resource exhaustion vulnerability in Auvesy webinstaller that allows attackers to fill the server's temporary storage by generatin...
Oct 22, 2021
This CVE describes a use-after-free vulnerability in the Linux kernel's i915 graphics driver hardware monitoring (hwmon) component. The vulnerability ...
Jul 5, 2024
This vulnerability in Apport's crash reporting tool allows local attackers to escape chroot restrictions by exploiting the Python crash handler. It af...
Jun 4, 2024
A NULL pointer dereference vulnerability in the Linux kernel's lan966x driver causes system crashes when adding network interfaces under a Link Aggreg...
Apr 3, 2024
This CVE describes a slab-out-of-bounds read vulnerability in the JFS filesystem implementation within the Linux kernel. An attacker could exploit thi...
Mar 6, 2024
This vulnerability in Ivanti Secure Access Client allows locally authenticated attackers to exploit a misconfiguration, potentially causing denial of ...
Nov 15, 2023
About Resource Exhaustion (CWE-400)
Our database tracks 691 CVEs classified as CWE-400, with 21 rated critical and 451 rated high severity. The average CVSS score for Resource Exhaustion vulnerabilities is 7.0.