denial of service

A subtle bug in QEMU’s built‑in VNC server — tracked as CVE‑2023‑3354 — can be triggered by a remote, unauthenticated client and force a denial‑of‑service through a NULL pointer dereference during the TLS handshake, making this a high‑impact availability flaw that virtualization administrators...

A critical denial‑of‑service vulnerability in the widely used Python HTTP framework aiohttp lets a remote, unauthenticated attacker stop an application from serving requests by sending a single specially crafted multipart/form-data POST. The flaw — tracked as CVE‑2024‑30251 and fixed in aiohttp...

A subtle bug in Go’s standard library quietly opened a door for denial-of-service attacks: malformed ZIP entries could cause archive/zip’s Reader.Open to panic, crashing programs that relied on the io/fs.FS integration introduced in Go 1.16. The issue, tracked as CVE-2021-41772 (GO-2021-0264)...

The Verify function in Go’s crypto/dsa implementation (crypto/dsa/dsa.go) contained an input‑validation flaw that could be weaponized to force an application into an infinite loop and an effective denial‑of‑service; the bug was tracked as CVE‑2016‑3959 and fixed in the emergency releases Go...

A null-pointer dereference in a compact C JSON library has quietly become a textbook reminder that tiny dependencies can create outsized operational risk: CVE-2024-31755 identifies a segmentation violation in cJSON v1.7.17 that can be triggered when the second parameter to cJSON_SetValuestring...

PHP’s mb_encode_mimeheader() can be weaponized to deny service: the bug tracked as CVE‑2024‑2757 causes the function to enter an endless loop when fed specially crafted header text, allowing an attacker to tie up PHP worker processes and render mail‑handling components or web endpoints...

On April 4, 2024 the QUIC ecosystem faced a high‑severity availability risk when researchers disclosed CVE‑2024‑22189: a memory‑exhaustion flaw in the popular Go implementation quic‑go that lets a remote attacker force a peer to consume unbounded memory by abusing QUIC’s Connection ID...

A reachable assertion in QEMU’s SCTP checksum routine can be triggered from a guest and drop the host-side QEMU process, producing a reliability- and availability-impacting denial-of-service that operators should treat as urgent: CVE-2024-3567 is a net-layer assertion failure in...

A newly disclosed bug in the JasPer image library — tracked as CVE-2024-31744 — allows a specially crafted image to trigger an assertion failure in the JPC decoder and crash programs that use the library, producing a high‑impact denial‑of‑service (DoS) condition unless patched. Overview JasPer...

Rustls—the widely used, memory-safe TLS library written in Rust—contains a denial‑of‑service design flaw: under a specific, easily reproducible handshake sequence a blocking rustls server can enter an infinite loop inside rustls::conn::ConnectionCommon::complete_io(), consuming CPU and...

The giflib library shipped in version 5.2.1 contains a flaw that can cause a local segmentation fault in the command-line utilities — a denial‑of‑service condition traced to the getarg.c argument‑parsing code and tracked as CVE‑2023‑39742. Background giflib is a long‑standing, small C library...

A logic bug in the Linux kernel’s Kvaser USB CAN driver has been fixed after being assigned CVE-2025-68308—a subtle off-by-one handling error in the command parsers that could cause an infinite parsing loop and result in a local denial-of-service on systems that interact with affected Kvaser USB...

MariaDB servers in multiple supported release lines can crash without producing an actionable backtrace, producing a deterministic denial‑of‑service (DoS) condition tied to query optimization paths — a bug tracked as CVE‑2023‑52969 in public vulnerability catalogs and triaged in MariaDB’s issue...

A remotely triggerable NULL pointer dereference in FRRouting’s OSPF implementation has been cataloged as CVE-2025-61099 and can crash the OSPF daemon (ospfd) when a crafted Link-State (LS) Update packet is processed while detailed OSPF packet debugging is enabled. The bug, present in upstream...

FRRouting (FRR) versions from v4.0 through v10.4.1 contain a NULL pointer dereference in the OSPF code that can be triggered by a crafted OSPF packet, allowing an attacker to crash the ospfd daemon and cause a Denial of Service (DoS) across affected deployments. Background FRRouting (commonly...

FRRouting has been disclosed with a cluster of NULL-pointer dereference flaws that allow a remote attacker to crash the OSPF daemon (ospfd) by sending crafted OSPF packets; the most prominent of these is tracked as CVE-2025-61102 and affects FRRouting (frr) releases from v4.0 through v10.4.1...

FRRouting has a newly documented vulnerability — tracked as CVE-2025-61100 — that allows specially crafted OSPF Link State Advertisements (LSAs) to trigger a NULL pointer dereference in the OSPF daemon (ospfd), causing a denial-of-service (DoS) condition for affected FRR installations. The fault...

PHP’s PDO PostgreSQL stack contains a newly disclosed null-pointer dereference that can crash PHP processes and knock applications offline when emulated prepares are enabled — CVE-2025-14180 affects multiple PHP 8.x branches and was patched in the late‑December security release cycle; operators...

A newly disclosed vulnerability in the X.Org Server’s X Keyboard (Xkb) extension — tracked as CVE‑2025‑62231 — allows a specially crafted X protocol request to trigger an arithmetic wrap/unsigned‑short overflow in XkbSetCompatMap, producing memory corruption or crashes that can fully deny...

A newly disclosed vulnerability in the Avahi mDNS/DNS‑SD implementation — tracked as CVE-2025-59529 — allows unprivileged local users to easily cause a denial-of-service (DoS) against name resolution on affected systems by abusing the simple protocol server’s UNIX domain socket. The bug stems...