denial of service

A subtle design choice in QUIC’s path‑validation code turned into a practical denial‑of‑service lever: CVE‑2023‑49295 lets a remote peer drive a quic‑go server into memory exhaustion by abusing PATH_CHALLENGE/PATH_RESPONSE exchanges, and the problem—disclosed in late 2023 and published with...

The Linux kernel flaw tracked as CVE-2024-23849 is a classic off-by-one bounds-check error in the RDS receive path that can produce an out‑of‑bounds memory access and a denial‑of‑service (system crash) on affected kernels up to and including 6.7.1. Background / Overview Reliable Datagram Sockets...

Oracle’s MySQL Server was assigned CVE-2024-20981 — a denial-of-service weakness in the Server: DDL component that can be triggered by a high-privilege account with network access to repeatedly hang or crash the mysqld process, producing a complete or sustained loss of availability for affected...

Oracle's MySQL Server contains a stability flaw in its query optimizer that can be triggered by a low‑privileged, network‑accessible account to hang or repeatedly crash the server process—producing a reliable denial‑of‑service condition tracked as CVE‑2024‑20961. Background / Overview MySQL...

A subtle bug in GnuTLS’s certificate-chain handling can be forced into crashing the library when presented with a specially crafted chain that uses distributed trust — a denial-of-service flaw tracked as CVE-2024-0567 that affected upstream releases before a patch was shipped and has since been...

A small, targeted memory leak in the YASM assembler has emerged as a quietly dangerous availability problem: CVE-2023-51258 identifies a leak in the new_Token routine of the NASM preprocessor module that can be triggered by local users and, when exploited repeatedly, can exhaust memory and deny...

A denial-of-service condition in widely used Go library implementations of Git can be induced by a malicious Git server that sends specially crafted replies — an attacker-controlled server can exhaust memory or other resources on go-git clients, causing processes and dependent services to stall...

Oracle’s MySQL Server contains a denial‑of‑service weakness in its UDF (user‑defined function) handling that can be triggered by a low‑privileged, network‑connected account to hang or repeatedly crash the server process, producing a complete loss of availability for affected instances...

Oracle’s January 2024 security advisory revealed a stability flaw in the MySQL Server optimizer that can be triggered remotely by a low‑privilege, network‑accessible account to hang or repeatedly crash the server process, producing a reliable denial‑of‑service (DoS) condition for affected MySQL...

Oracle’s MySQL Server was assigned CVE‑2024‑20963 — a denial‑of‑service weakness in the Server: Security: Encryption component that affects MySQL Server releases up to and including 8.0.35 and the corresponding 8.2.0 line — and operators should treat it as an availability emergency until...

A simple, malformed PKCS#12 file can crash OpenSSL and take down services that import or parse certificates — CVE-2024-0727 exposes a NULL-pointer weakness in PKCS#12 decoding that allows an attacker to cause a denial-of-service (DoS) condition in any application that uses vulnerable OpenSSL...

A subtle bug in the Linux kernel’s TIPC subsystem — a double-locking condition in tipc_crypto_key_revoke() — can be driven into a kernel‑level deadlock that lets a local, authenticated user hang or crash a machine. The issue, tracked as CVE‑2024‑0641, is an availability‑only failure (denial of...

A subtle integer overflow in the Go standard library’s scanner can be weaponized to hang processes: CVE-2023-24537 causes the go/scanner parser to enter an infinite loop when it encounters //line directives with abnormally large line numbers, producing a reliable denial‑of‑service (DoS)...

The Go standard library’s multipart form parser contained a deceptively simple weakness that, in April 2023, was assigned CVE-2023-24536: specially crafted multipart requests can force Go programs to burn CPU and memory at scale, creating a reliable denial‑of‑service (DoS) vector against web...

Go’s net/http standard library contains a subtle protocol-handling bug — tracked as CVE-2024-24791 — that can be weaponized to cause sustained denial-of-service conditions against Go-based HTTP proxies and other components that reuse HTTP connections, and operators must treat it as a...

The Linux kernel vulnerability tracked as CVE-2023-52340 exposes a subtle but powerful availability risk: a flaw in the IPv6 route-caching logic can be driven into a denial-of-service condition by repeated IPv6 traffic patterns (for example, packets sent in a loop from a raw socket or floods of...

Oracle’s MySQL Server contains a denial-of-service weakness in the Server: Optimizer component (tracked as CVE-2024-21171) that can be triggered remotely by a low‑privilege, network‑connected MySQL account to cause the server to hang or repeatedly crash, producing a complete loss of availability...

A quiet but serious vulnerability in BIND 9 — tracked as CVE-2024-1975 — lets a remote attacker use DNS SIG(0) signatures to drive a resolver or server into sustained CPU exhaustion, effectively denying DNS service to legitimate users until the vulnerable process is patched or otherwise...

A subtle NULL pointer check left out of the Linux kernel’s Intel “ice” Ethernet driver quietly turned into a kernel-level outage: CVE-2022-48841 is a NULL pointer dereference in ice_update_vsi_tx_ring_stats() that can crash an affected system and cause a denial-of-service condition unless the...

Mbed TLS’ modular exponentiation routine mbedtls_mpi_exp_mod could be driven into doing enormous, unbounded work by malicious or malformed parameters, allowing an attacker to trigger a denial-of-service during Diffie‑Hellman key generation on affected builds. The flaw, tracked as CVE‑2020‑36475...