CWE-406— Insufficient Control of Network Message Volume (Network Amplification)
The product does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the product to transmit more traffic than should be allowed for that actor.— MITRE CWE catalog
16 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-406page 1 of 1
- CVE-2014-125036LOWCVSS 2.6EG 4.32023-01-02
A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message …
- CVE-2019-14850LOWCVSS 3.7EG 3.72021-03-18
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a conne…
- CVE-2020-10772HIGHCVSS 7.5EG 7.52020-11-27
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to …
- CVE-2021-38135HIGHCVSS 8.6EG 8.62024-11-22
Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.
- CVE-2021-38425HIGHCVSS 7.5EG 9.12022-05-05
eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and infor…
- CVE-2021-38429MEDIUMCVSS 6.6EG 9.12022-05-05
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure.
- CVE-2021-38487HIGHCVSS 8.2EG 9.12022-05-05
RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service…
- CVE-2021-4234HIGHCVSS 7.5EG 7.52022-07-06
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.
- CVE-2021-43547HIGHCVSS 7.5EG 8.22022-05-05
TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and inf…
- CVE-2022-0028HIGHCVSS 8.6EG 9.0⚠ KEV2022-08-10
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hard…
- CVE-2023-28455HIGHCVSS 7.5EG 7.52024-09-18
An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS.
- CVE-2023-28456HIGHCVSS 7.5EG 7.52024-09-18
An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.
- CVE-2023-49203HIGHCVSS 7.5EG 7.52024-09-18
Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.
- CVE-2024-25015HIGHCVSS 7.5EG 7.52024-05-01
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.
- CVE-2025-58066MEDIUMCVSS 5.3EG 5.32025-08-29
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where a…
- CVE-2026-45557MEDIUMCVSS 5.8EG 5.82026-05-19
Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0.
Map vulnerabilities like CWE-406 to your infrastructure
EchelonGraph correlates every CVE — across CWE-406 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →