denial of service

A newly disclosed bug in the JasPer image library — tracked as CVE-2024-31744 — allows a specially crafted image to trigger an assertion failure in the JPC decoder and crash programs that use the library, producing a high‑impact denial‑of‑service (DoS) condition unless patched. Overview JasPer...

Rustls—the widely used, memory-safe TLS library written in Rust—contains a denial‑of‑service design flaw: under a specific, easily reproducible handshake sequence a blocking rustls server can enter an infinite loop inside rustls::conn::ConnectionCommon::complete_io(), consuming CPU and...

The giflib library shipped in version 5.2.1 contains a flaw that can cause a local segmentation fault in the command-line utilities — a denial‑of‑service condition traced to the getarg.c argument‑parsing code and tracked as CVE‑2023‑39742. Background giflib is a long‑standing, small C library...

A logic bug in the Linux kernel’s Kvaser USB CAN driver has been fixed after being assigned CVE-2025-68308—a subtle off-by-one handling error in the command parsers that could cause an infinite parsing loop and result in a local denial-of-service on systems that interact with affected Kvaser USB...

MariaDB servers in multiple supported release lines can crash without producing an actionable backtrace, producing a deterministic denial‑of‑service (DoS) condition tied to query optimization paths — a bug tracked as CVE‑2023‑52969 in public vulnerability catalogs and triaged in MariaDB’s issue...

A remotely triggerable NULL pointer dereference in FRRouting’s OSPF implementation has been cataloged as CVE-2025-61099 and can crash the OSPF daemon (ospfd) when a crafted Link-State (LS) Update packet is processed while detailed OSPF packet debugging is enabled. The bug, present in upstream...

FRRouting (FRR) versions from v4.0 through v10.4.1 contain a NULL pointer dereference in the OSPF code that can be triggered by a crafted OSPF packet, allowing an attacker to crash the ospfd daemon and cause a Denial of Service (DoS) across affected deployments. Background FRRouting (commonly...

FRRouting has been disclosed with a cluster of NULL-pointer dereference flaws that allow a remote attacker to crash the OSPF daemon (ospfd) by sending crafted OSPF packets; the most prominent of these is tracked as CVE-2025-61102 and affects FRRouting (frr) releases from v4.0 through v10.4.1...

FRRouting has a newly documented vulnerability — tracked as CVE-2025-61100 — that allows specially crafted OSPF Link State Advertisements (LSAs) to trigger a NULL pointer dereference in the OSPF daemon (ospfd), causing a denial-of-service (DoS) condition for affected FRR installations. The fault...

PHP’s PDO PostgreSQL stack contains a newly disclosed null-pointer dereference that can crash PHP processes and knock applications offline when emulated prepares are enabled — CVE-2025-14180 affects multiple PHP 8.x branches and was patched in the late‑December security release cycle; operators...

A newly disclosed vulnerability in the X.Org Server’s X Keyboard (Xkb) extension — tracked as CVE‑2025‑62231 — allows a specially crafted X protocol request to trigger an arithmetic wrap/unsigned‑short overflow in XkbSetCompatMap, producing memory corruption or crashes that can fully deny...

A newly disclosed vulnerability in the Avahi mDNS/DNS‑SD implementation — tracked as CVE-2025-59529 — allows unprivileged local users to easily cause a denial-of-service (DoS) against name resolution on affected systems by abusing the simple protocol server’s UNIX domain socket. The bug stems...

Sequoia’s OpenPGP library contains a denial-of-service bug tracked as CVE-2025-67897: the library’s aes_key_unwrap routine panics when it’s fed an abnormally short ciphertext, allowing a remote attacker to crash any application that attempts to decrypt a specially crafted OpenPGP message...

A null-pointer dereference in the HDF5 C library — specifically in the cache flush routine H5C__flush_single_entry inside src/H5Centry.c — has been cataloged as CVE-2025-6858 and confirmed against HDF5 release 1.14.6, creating a reproducible crash primitive that can be triggered locally and has...

A null-pointer dereference in HDF5’s metadata cache code — tracked as CVE‑2025‑2926 — can cause application crashes when processing specially crafted HDF5 files and has been confirmed and patched upstream; operators and developers who build, ship, or accept HDF5 content must treat this as a...

A newly disclosed vulnerability, tracked as CVE-2025-49178, allows malformed X11 protocol requests to disrupt X server request processing — a flaw that can be weaponized to produce a complete denial of service against affected X server implementations (notably xorg-x11-server, Xwayland and...

wolfSSL has published a patch and coordinated disclosures after researchers reported a denial‑of‑service weakness in its TLS 1.3 ClientHello parsing: specially crafted ClientHello messages that include duplicate key_share (CKS) entries can force excessive resource consumption in wolfSSL 5.8.2...

CVE-2025-62567 is a newly recorded vulnerability in Microsoft’s Hyper‑V virtualization stack that has been flagged as a Denial of Service (DoS) condition caused by an integer underflow (wrap/wraparound); the entry is listed in public trackers and in Microsoft’s Security Update Guide, but...

A new Linux kernel vulnerability tracked as CVE-2025-40287 has been disclosed and fixed: an exFAT driver bug where the code failed to validate a dentry's stream size properly, allowing a crafted filesystem entry to trigger an infinite loop and hang the kernel. The flaw arises because the exFAT...

A denial-of-service flaw in the widely used Go logging library logrus can render Entry.Writer unusable when it receives a single-line log payload larger than 64 KB with no newline characters, creating the potential for sustained or persistent application unavailability until the library is...