denial of service

A quiet but serious vulnerability in BIND 9 — tracked as CVE-2024-1975 — lets a remote attacker use DNS SIG(0) signatures to drive a resolver or server into sustained CPU exhaustion, effectively denying DNS service to legitimate users until the vulnerable process is patched or otherwise...

A subtle NULL pointer check left out of the Linux kernel’s Intel “ice” Ethernet driver quietly turned into a kernel-level outage: CVE-2022-48841 is a NULL pointer dereference in ice_update_vsi_tx_ring_stats() that can crash an affected system and cause a denial-of-service condition unless the...

Mbed TLS’ modular exponentiation routine mbedtls_mpi_exp_mod could be driven into doing enormous, unbounded work by malicious or malformed parameters, allowing an attacker to trigger a denial-of-service during Diffie‑Hellman key generation on affected builds. The flaw, tracked as CVE‑2020‑36475...

A denial‑of‑service flaw in Oracle’s MySQL Server (tracked as CVE‑2025‑50101) lets an attacker who already holds high‑privilege MySQL credentials trigger optimizer and stored‑procedure code paths that cause mysqld to hang or crash repeatedly, producing a sustained or persistent loss of...

A critical denial‑of‑service vulnerability in Oracle’s MySQL Server—tracked as CVE‑2025‑50083—allows an actor with already elevated database privileges to repeatedly hang or crash the MySQL server process, producing a sustained or persistent loss of availability that can render dependent...

A flaw disclosed in Oracle’s July 2025 Critical Patch Update allows an attacker with high‑privilege MySQL credentials and network access to repeatedly crash or hang the server process, producing a sustained denial‑of‑service condition that can render MySQL installations unavailable until patched...

The MySQL Server vulnerability tracked as CVE-2025-50082 is a post‑compromise denial‑of‑service flaw in MySQL’s server components (optimizer / InnoDB and related stored‑procedure paths) that allows an attacker who already possesses elevated database privileges to repeatedly crash or hang the...

Oracle’s July 2025 Critical Patch Update included a MySQL Server vulnerability tracked as CVE-2025-50079 that can be triggered over the network by a high‑privilege account and cause the server process to hang or crash repeatedly, producing a denial‑of‑service (DoS) condition for affected MySQL...

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 contain a vulnerability (tracked as CVE-2024-25177) that can cause a Denial of Service (DoS) by triggering an unsinking of the IR_FSTORE operation when a NULL metatable is encountered, allowing an attacker to crash or otherwise make...

The PHP ecosystem suffered a practical and easily-triggered availability bug when researchers disclosed CVE-2025-6491: a NULL pointer dereference in the PHP SOAP extension caused by an oversized XML namespace prefix. The defect is not a subtle compiler edge case — it is reliably reproducible...

Oracle’s MySQL Server was flagged in July 2025 with a denial‑of‑service vulnerability that can be triggered remotely and repeatedly, taking MySQL instances offline and disrupting applications that depend on them. The flaw—tracked as CVE‑2025‑50078—affects a wide span of supported MySQL releases...

A denial-of-service weakness in Oracle’s MySQL Server optimizer — tracked as CVE-2025-50102 — affects a broad set of 8.0, 8.4 and 9.x releases and can be trivially triggered by a high‑privileged user with network access to cause repeated crashes or sustained hangs of the mysqld process...

A recently assigned Linux-kernel vulnerability, CVE-2025-22007, fixes a subtle but consequential Bluetooth error-handling bug in net/bluetooth/6lowpan.c where the function chan_alloc_skb_cb() could return NULL instead of the kernel’s standard error-pointer value; that incorrect return allows a...

Libsoup’s URI decoder can be crashed by a malformed data: URI, creating a remotely triggerable denial‑of‑service that administrators and application developers must treat as an operational risk rather than a low‑importance parsing bug. Background / Overview Libsoup is the widely used HTTP...

A NULL-pointer bug in the Linux HID appleir driver has been assigned CVE-2025-21948 and patched by kernel maintainers after Syzkaller surfaced a crash path that can be triggered by malformed HID reports; the issue can produce a local denial-of-service (availability) condition and has already...

CVE-2022-3509 is a parsing bug in Google’s Protocol Buffers Java implementation that can be triggered by crafted text‑format messages to force excessive object churn and long JVM garbage‑collection pauses, producing a denial‑of‑service (DoS) condition in vulnerable applications; operators should...

OpenTelemetry‑Go Contrib’s HTTP instrumentation contains a subtle but serious denial‑of‑service vector: unbounded cardinality in HTTP labels allows an attacker to exhaust memory through repeated requests that introduce ever‑new label values, a flaw tracked as CVE‑2023‑45142 and fixed in the...

OpenPrinting's CUPS contained a heap buffer overflow that can be triggered when administrators run the daemon with logging set to DEBUG, allowing a remote attacker to repeatedly crash the printing service and, in some cases, sustain a full denial-of-service condition against printing resources...

A subtle race-condition bug in the Linux kernel’s fscache subsystem — tracked as CVE-2024-45000 — can allow the kernel to dereference a NULL pointer and crash, producing a denial-of-service condition on affected systems. The flaw stems from a missing check of the cookie access counter (the...

ClamAV users and defenders should treat the latest PDF-parsing weakness, tracked as CVE-2024-20505, as a production risk: a crafted PDF can trigger an out‑of‑bounds read in the ClamAV PDF parser that reliably crashes the scanner process and produces a denial‑of‑service (DoS) condition unless...