Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-30792

Summary
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
Published At-11 Jul, 2022 | 10:40
Updated At-16 Sep, 2024 | 23:05
Rejected At-
Credits

CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERTVDE
Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c
Published At:11 Jul, 2022 | 10:40
Updated At:16 Sep, 2024 | 23:05
Rejected At:
▼CVE Numbering Authority (CNA)
CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

Affected Products
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control RTE (SL)
Versions
Affected
  • From V3 before V3.5.18.20 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control RTE (for Beckhoff CX) SL
Versions
Affected
  • From V3 before V3.5.18.20 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control Win (SL)
Versions
Affected
  • From V3 before V3.5.18.20 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Gateway
Versions
Affected
  • From V3 before V3.5.18.20 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Edge Gateway for Windows
Versions
Affected
  • From V3 before V3.5.18.20 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS HMI (SL)
Versions
Affected
  • From V3 before V3.5.18.20 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Development System V3
Versions
Affected
  • From V3 before V3.5.18.10 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control Runtime System Toolkit
Versions
Affected
  • From V3 before V3.5.18.20 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Embedded Target Visu Toolkit
Versions
Affected
  • From V3 before V3.5.18.20 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Remote Target Visu Toolkit
Versions
Affected
  • From V3 before V3.5.18.20 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for BeagleBone SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for Beckhoff CX9020 SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for emPC-A/iMX6 SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for IOT2000 SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for Linux SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for PFC100 SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for PFC200 SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for PLCnext SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for Raspberry Pi SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Control for WAGO Touch Panels 600 SL
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Vendor
CODESYS GmbHCODESYS
Product
CODESYS Edge Gateway for Linux
Versions
Affected
  • From V3 before V4.5.0.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=
x_refsource_CONFIRM
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=
x_refsource_CONFIRM
x_transferred
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:info@cert.vde.com
Published At:11 Jul, 2022 | 11:15
Updated At:23 Sep, 2022 | 16:25

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
CODESYS GmbH
codesys
>>control_for_beaglebone>>Versions before 4.5.0.0(exclusive)
cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_for_empc-a\/imx6>>Versions before 4.5.0.0(exclusive)
cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_for_iot2000_sl>>Versions before 4.6.0.0(exclusive)
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_for_linux_sl>>Versions before 4.5.0.0(exclusive)
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_for_pfc100_sl>>Versions before 4.5.0.0(exclusive)
cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_for_pfc200_sl>>Versions before 4.5.0.0(exclusive)
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_for_plcnext>>Versions before 4.6.0.0(exclusive)
cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_for_raspberry_pi_sl>>Versions before 4.5.0.0(exclusive)
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_for_wago_touch_panels_600>>Versions before 4.5.0.0(exclusive)
cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_rte_sl>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_rte_sl_\(for_beckhoff_cx\)>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_runtime_system_toolkit>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>control_win>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>development_system>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>edge_gateway>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*
CODESYS GmbH
codesys
>>edge_gateway>>Versions before 4.5.0.0(exclusive)
cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*
CODESYS GmbH
codesys
>>embedded_target_visu_toolkit>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>gateway>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>hmi>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>remote_target_visu_toolkit>>Versions before 3.5.18.20(exclusive)
cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primaryinfo@cert.vde.com
CWE ID: CWE-400
Type: Primary
Source: info@cert.vde.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=info@cert.vde.com
Vendor Advisory
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=
Source: info@cert.vde.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2022-31803
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 60.30%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Gateway Server V2 prone to Denial of Service Attack

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.

Action-Not Available
Vendor-CODESYS GmbH
Product-gatewayCODESYS Gateway Server V2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-30791
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 10:40
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_runtime_system_toolkitcontrol_for_pfc100_slhmicontrol_for_empc-a\/imx6control_for_plcnextcontrol_for_beagleboneremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaycontrol_for_pfc200_slembedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_wago_touch_panels_600control_winCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Edge Gateway for WindowsCODESYS Edge Gateway for LinuxCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS GatewayCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS HMI (SL)CODESYS Control RTE (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Development System V3CODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-34593
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.59% / 80.91%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8217_firmware750-8202runtime_toolkit750-8203750-8211750-8212750-8206_firmware750-8202_firmware750-8208_firmware750-8216750-8206750-8207750-8214750-8214_firmware750-8208750-8210_firmware750-8213_firmware750-8204_firmware750-8212_firmwareplcwinnt750-8204750-8210750-8213750-8216_firmware750-8217750-8211_firmware750-8203_firmware750-8207_firmwareCODESYS V2
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-34586
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.69%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34583
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-3.82% / 87.67%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33486
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:58
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-runtime_toolkitn/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2025-41691
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.54%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 08:04
Updated-04 Aug, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Control DoS via Unauthenticated NULL Pointer Dereference

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-Control for BeagleBone SLControl RTE (SL)Control for PFC200 SLControl for WAGO Touch Panels 600 SLControl for Linux SLControl for PLCnext SLControl for Linux ARM SLControl for emPC-A/iMX6 SLControl for PFC100 SLControl Win (SL)Control for IOT2000 SLControl for Raspberry Pi SLControl RTE (for Beckhoff CX) SLVirtual Control SLHMI (SL)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-30195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30186
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.81%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.34%
||
7 Day CHG~0.00%
Published-03 May, 2021 | 13:17
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-development_systemcontrol_for_pfc200_slcontrol_for_pfc100_slcontrol_runtime_system_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_for_beaglebone_slcontrol_for_empc-a\/imx6_slgatewaycontrol_for_linux_sledge_gatewayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-8175
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.21%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 08:04
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: web server vulnerable to DoS

An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

Action-Not Available
Vendor-CODESYS GmbH
Product-CODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Virtual Control SLCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Runtime ToolkitCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Remote Target Visu ToolkitCODESYS Control for PFC200 SLCODESYS Embedded Target Visu ToolkitCODESYS Control for Linux ARM SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)control_rte_\(for_beckhoff_cx\)_slruntime_toolkitvirtual_control_sl
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-31804
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.71%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Gateway server prone to denial of service attack due to excessive memory allocation

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-gatewayCODESYS Gateway Server V2
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2024-5000
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 08:54
Updated-01 Aug, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

Action-Not Available
Vendor-CODESYS GmbH
Product-CODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control for Raspberry Pi SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Runtime ToolkitCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Control for PFC100 SLCODESYS Control for Linux ARM SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for BeagleBone SLcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_win_\(sl\)control_for_raspberry_pi_slcontrol_for_beaglebone_slruntime_toolkitcontrol_for_linux_arm_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_rte_\(for_beckhoff_cx\)_slhmi_\(sl\)control_rte_\(sl\)control_for_linux_sl
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2022-22517
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:21
Updated-16 Sep, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Components in multiple CODESYS products vulnerable to communication channel disruption

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemhmi_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_for_beaglebone_slremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaycontrol_for_pfc200_slcontrol_for_beckhoff_cx9020embedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_plcnext_slcontrol_for_empc-a\/imx6_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS PLCHandlerCODESYS OPC DA Server SLCODESYS Edge Gateway for WindowsCODESYS Edge Gateway for LinuxCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS GatewayCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS HMI (SL)CODESYS Control RTE (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Development System V3CODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-334
Small Space of Random Values
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2022-22519
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.31% / 78.93%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:21
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemhmi_slcontrol_for_pfc100_slcontrol_runtime_system_toolkitcontrol_for_beaglebone_slremote_target_visu_toolkitcontrol_for_linux_slcontrol_for_pfc200_slcontrol_for_beckhoff_cx9020control_for_iot2000_slcontrol_for_wago_touch_panels_600_slembedded_target_visu_toolkitcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22510
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.36%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 12:26
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Null Pointer Dereference in CODESYS PROFINET stack

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-profinetn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.71%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 15:34
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_for_pfc200control_for_raspberry_picontrol_rtecontrol_for_iot2000hmicontrol_for_empc-a\/imx6linuxruntime_system_toolkitsafety_sil2control_for_beaglebonecontrol_wincontrol_for_pfc100gatewaysimulation_runtimen/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-9012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.29%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 17:47
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-development_systemcontrol_for_pfc200_slcontrol_for_pfc100_slgatewaycontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_for_beaglebone_slcontrol_for_empc-a\/imx6_slcontrol_runtime_toolkitcontrol_for_linux_sln/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-5105
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.94%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 14:12
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-codesys3S
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.73%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 13:35
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-gatewayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34585
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-30191
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.32%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-47391
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.42%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:59
Updated-17 Jul, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to Improper Input Validation

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control RTE (for Beckhoff CX) SLCODESYS Edge Gateway for WindowsCODESYS Development System V3CODESYS Safety SIL2 PSPCODESYS Control RTE (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control for PLCnext SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS GatewayCODESYS Edge Gateway for LinuxCODESYS Control for BeagleBone SLCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SLCODESYS Control for emPC-A/iMX6 SLCODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Control Runtime System ToolkitCODESYS Control Win (SL)CODESYS Control for IOT2000 SLCODESYS Control for Linux SL
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15806
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.23%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 18:14
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_rtecontrol_for_iot2000control_runtime_system_toolkithmicontrol_for_empc-a\/imx6control_for_plcnextcontrol_for_beaglebonecontrol_for_raspberry_picontrol_for_pfc100remote_target_visu_toolkitsimulation_runtimecontrol_for_pfc200embedded_target_visu_toolkitcontrol_for_linuxcontrol_for_wago_touch_panels_600control_winn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2011-4082
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.92% / 75.04%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 04:02
Updated-06 Aug, 2024 | 23:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.

Action-Not Available
Vendor-phpldapadmin_projectphpldapadminDebian GNU/Linux
Product-phpldapadmindebian_linuxphpldapadmin
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-21339
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-2.03% / 83.06%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-0820
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.25% / 83.91%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1enterprise_linux_server_ausenterprise_linux.net_corewindows_rt_8.1enterprise_linux_euswindows_7enterprise_linux_server_tuswindows_10.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012 R2Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based SystemsMicrosoft .NET Framework 4.7.2Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based SystemsMicrosoft .NET Framework 4.6Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 2.0Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems.NET CoreMicrosoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2019Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.8 on Windows Server 2012Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows RT 8.1Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server, version 1903 (Server Core installation)Microsoft .NET Framework 3.0Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2016Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.5.2Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2002-0368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-18.09% / 94.92%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-0033
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.69%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SRX Series: A remote attacker may cause a high CPU Denial of Service to the device when proxy ARP is configured.

A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5400srx1400srx5800srx110srx100srx3400srx550srx5600junossrx650srx220srx240srx3600srx210Junos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-2798
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.61%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 13:54
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in HtmlUnit

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.

Action-Not Available
Vendor-htmlunit
Product-htmlunit
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8262
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.33%
||
7 Day CHG~0.00%
Published-28 Jul, 2025 | 07:02
Updated-31 Jul, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The patch is identified as 97731871e674bf93bcbf29e9d3258da8685f3076. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-yarnpkgyarnpkg
Product-yarnYarn
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-28854
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.05%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 18:54
Updated-02 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Slow loris vulnerability with default configuration in tls-listener

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using `TlsListener::new()` vulnerable to a slow-loris DoS attack. This impacts any publicly accessible service using the default configuration of tls-listener in versions prior to 0.10.0. Users are advised to upgrade. Users unable to upgrade may mitigate this by passing a large value, such as `usize::MAX` as the parameter to `Builder::max_handshakes`.

Action-Not Available
Vendor-tmccombstmccombs
Product-tls-listenertls-listener
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-0199
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-70.84% / 98.64%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 14:21
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-20259
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.14% / 35.05%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 16:13
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unity_connectionprime_collaboration_deploymentunified_communications_managerunified_communications_manager_im_\&_presence_serviceemergency_responderCisco Emergency ResponderCisco Unified Communications ManagerCisco Prime Collaboration DeploymentCisco Unity ConnectionCisco Unified Communications Manager IM and Presence Service
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-0059
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host.

A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-20883
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.39%
||
7 Day CHG+0.01%
Published-26 May, 2023 | 00:00
Updated-16 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-spring_bootSpring Boot
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-7920
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.73%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar2200_firmwarear200ar1200ar160_firmwarear3200_firmwarear2200ar3200ar200_firmwarear1200_firmwarear160AR1200, AR160, AR200, AR2200, AR3200
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-8777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.26% / 78.54%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 22:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.RubyRed Hat, Inc.
Product-ubuntu_linuxdebian_linuxrubyenterprise_linuxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-21061
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.25%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-20 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-0031
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.4||HIGH
EPSS-0.52% / 65.82%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: jdhcpd daemon memory consumption Denial of Service when receiving specific IPv6 DHCP packets.

Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-6389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-87.65% / 99.43%
||
7 Day CHG~0.00%
Published-06 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-1733
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.59% / 68.23%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-9182
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-19 Aug, 2025 | 20:33
Updated-21 Aug, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefox ESRFirefoxThunderbird
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-1992
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 39.93%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxwiresharkfedoraWireshark
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-2225
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.38%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-uclibc-ng_projectn/a
Product-uclibc-ngn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-2224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.33%
||
7 Day CHG-0.21%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.

Action-Not Available
Vendor-uclibc-ng_projectn/a
Product-uclibc-ngn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-4805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 73.14%
||
7 Day CHG~0.00%
Published-26 May, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelenterprise_linuxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-6532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.36%
||
7 Day CHG~0.00%
Published-27 Feb, 2018 | 19:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.

Action-Not Available
Vendor-icingan/a
Product-icingan/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2009-3791
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.67%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-23 Apr, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_media_servern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-10540
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.04%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 20:00
Updated-16 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.

Action-Not Available
Vendor-minimatch_projectHackerOne
Product-minimatchminimatch node module
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
Details not found