denial of service

Oracle’s MySQL Server contains a denial‑of‑service weakness in its UDF (user‑defined function) handling that can be triggered by a low‑privileged, network‑connected account to hang or repeatedly crash the server process, producing a complete loss of availability for affected instances...

Oracle’s January 2024 security advisory revealed a stability flaw in the MySQL Server optimizer that can be triggered remotely by a low‑privilege, network‑accessible account to hang or repeatedly crash the server process, producing a reliable denial‑of‑service (DoS) condition for affected MySQL...

Oracle’s MySQL Server was assigned CVE‑2024‑20963 — a denial‑of‑service weakness in the Server: Security: Encryption component that affects MySQL Server releases up to and including 8.0.35 and the corresponding 8.2.0 line — and operators should treat it as an availability emergency until...

A simple, malformed PKCS#12 file can crash OpenSSL and take down services that import or parse certificates — CVE-2024-0727 exposes a NULL-pointer weakness in PKCS#12 decoding that allows an attacker to cause a denial-of-service (DoS) condition in any application that uses vulnerable OpenSSL...

A subtle bug in the Linux kernel’s TIPC subsystem — a double-locking condition in tipc_crypto_key_revoke() — can be driven into a kernel‑level deadlock that lets a local, authenticated user hang or crash a machine. The issue, tracked as CVE‑2024‑0641, is an availability‑only failure (denial of...

A subtle integer overflow in the Go standard library’s scanner can be weaponized to hang processes: CVE-2023-24537 causes the go/scanner parser to enter an infinite loop when it encounters //line directives with abnormally large line numbers, producing a reliable denial‑of‑service (DoS)...

The Go standard library’s multipart form parser contained a deceptively simple weakness that, in April 2023, was assigned CVE-2023-24536: specially crafted multipart requests can force Go programs to burn CPU and memory at scale, creating a reliable denial‑of‑service (DoS) vector against web...

Go’s net/http standard library contains a subtle protocol-handling bug — tracked as CVE-2024-24791 — that can be weaponized to cause sustained denial-of-service conditions against Go-based HTTP proxies and other components that reuse HTTP connections, and operators must treat it as a...

The Linux kernel vulnerability tracked as CVE-2023-52340 exposes a subtle but powerful availability risk: a flaw in the IPv6 route-caching logic can be driven into a denial-of-service condition by repeated IPv6 traffic patterns (for example, packets sent in a loop from a raw socket or floods of...

Oracle’s MySQL Server contains a denial-of-service weakness in the Server: Optimizer component (tracked as CVE-2024-21171) that can be triggered remotely by a low‑privilege, network‑connected MySQL account to cause the server to hang or repeatedly crash, producing a complete loss of availability...

A quiet but serious vulnerability in BIND 9 — tracked as CVE-2024-1975 — lets a remote attacker use DNS SIG(0) signatures to drive a resolver or server into sustained CPU exhaustion, effectively denying DNS service to legitimate users until the vulnerable process is patched or otherwise...

A subtle NULL pointer check left out of the Linux kernel’s Intel “ice” Ethernet driver quietly turned into a kernel-level outage: CVE-2022-48841 is a NULL pointer dereference in ice_update_vsi_tx_ring_stats() that can crash an affected system and cause a denial-of-service condition unless the...

Mbed TLS’ modular exponentiation routine mbedtls_mpi_exp_mod could be driven into doing enormous, unbounded work by malicious or malformed parameters, allowing an attacker to trigger a denial-of-service during Diffie‑Hellman key generation on affected builds. The flaw, tracked as CVE‑2020‑36475...

A denial‑of‑service flaw in Oracle’s MySQL Server (tracked as CVE‑2025‑50101) lets an attacker who already holds high‑privilege MySQL credentials trigger optimizer and stored‑procedure code paths that cause mysqld to hang or crash repeatedly, producing a sustained or persistent loss of...

A critical denial‑of‑service vulnerability in Oracle’s MySQL Server—tracked as CVE‑2025‑50083—allows an actor with already elevated database privileges to repeatedly hang or crash the MySQL server process, producing a sustained or persistent loss of availability that can render dependent...

A flaw disclosed in Oracle’s July 2025 Critical Patch Update allows an attacker with high‑privilege MySQL credentials and network access to repeatedly crash or hang the server process, producing a sustained denial‑of‑service condition that can render MySQL installations unavailable until patched...

The MySQL Server vulnerability tracked as CVE-2025-50082 is a post‑compromise denial‑of‑service flaw in MySQL’s server components (optimizer / InnoDB and related stored‑procedure paths) that allows an attacker who already possesses elevated database privileges to repeatedly crash or hang the...

Oracle’s July 2025 Critical Patch Update included a MySQL Server vulnerability tracked as CVE-2025-50079 that can be triggered over the network by a high‑privilege account and cause the server process to hang or crash repeatedly, producing a denial‑of‑service (DoS) condition for affected MySQL...

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 contain a vulnerability (tracked as CVE-2024-25177) that can cause a Denial of Service (DoS) by triggering an unsinking of the IR_FSTORE operation when a NULL metatable is encountered, allowing an attacker to crash or otherwise make...

The PHP ecosystem suffered a practical and easily-triggered availability bug when researchers disclosed CVE-2025-6491: a NULL pointer dereference in the PHP SOAP extension caused by an oversized XML namespace prefix. The defect is not a subtle compiler edge case — it is reliably reproducible...