denial of service

A flaw disclosed in Oracle’s July 2025 Critical Patch Update allows an attacker with high‑privilege MySQL credentials and network access to repeatedly crash or hang the server process, producing a sustained denial‑of‑service condition that can render MySQL installations unavailable until patched...

The MySQL Server vulnerability tracked as CVE-2025-50082 is a post‑compromise denial‑of‑service flaw in MySQL’s server components (optimizer / InnoDB and related stored‑procedure paths) that allows an attacker who already possesses elevated database privileges to repeatedly crash or hang the...

Oracle’s July 2025 Critical Patch Update included a MySQL Server vulnerability tracked as CVE-2025-50079 that can be triggered over the network by a high‑privilege account and cause the server process to hang or crash repeatedly, producing a denial‑of‑service (DoS) condition for affected MySQL...

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 contain a vulnerability (tracked as CVE-2024-25177) that can cause a Denial of Service (DoS) by triggering an unsinking of the IR_FSTORE operation when a NULL metatable is encountered, allowing an attacker to crash or otherwise make...

The PHP ecosystem suffered a practical and easily-triggered availability bug when researchers disclosed CVE-2025-6491: a NULL pointer dereference in the PHP SOAP extension caused by an oversized XML namespace prefix. The defect is not a subtle compiler edge case — it is reliably reproducible...

Oracle’s MySQL Server was flagged in July 2025 with a denial‑of‑service vulnerability that can be triggered remotely and repeatedly, taking MySQL instances offline and disrupting applications that depend on them. The flaw—tracked as CVE‑2025‑50078—affects a wide span of supported MySQL releases...

A denial-of-service weakness in Oracle’s MySQL Server optimizer — tracked as CVE-2025-50102 — affects a broad set of 8.0, 8.4 and 9.x releases and can be trivially triggered by a high‑privileged user with network access to cause repeated crashes or sustained hangs of the mysqld process...

A recently assigned Linux-kernel vulnerability, CVE-2025-22007, fixes a subtle but consequential Bluetooth error-handling bug in net/bluetooth/6lowpan.c where the function chan_alloc_skb_cb() could return NULL instead of the kernel’s standard error-pointer value; that incorrect return allows a...

Libsoup’s URI decoder can be crashed by a malformed data: URI, creating a remotely triggerable denial‑of‑service that administrators and application developers must treat as an operational risk rather than a low‑importance parsing bug. Background / Overview Libsoup is the widely used HTTP...

A NULL-pointer bug in the Linux HID appleir driver has been assigned CVE-2025-21948 and patched by kernel maintainers after Syzkaller surfaced a crash path that can be triggered by malformed HID reports; the issue can produce a local denial-of-service (availability) condition and has already...

CVE-2022-3509 is a parsing bug in Google’s Protocol Buffers Java implementation that can be triggered by crafted text‑format messages to force excessive object churn and long JVM garbage‑collection pauses, producing a denial‑of‑service (DoS) condition in vulnerable applications; operators should...

OpenTelemetry‑Go Contrib’s HTTP instrumentation contains a subtle but serious denial‑of‑service vector: unbounded cardinality in HTTP labels allows an attacker to exhaust memory through repeated requests that introduce ever‑new label values, a flaw tracked as CVE‑2023‑45142 and fixed in the...

OpenPrinting's CUPS contained a heap buffer overflow that can be triggered when administrators run the daemon with logging set to DEBUG, allowing a remote attacker to repeatedly crash the printing service and, in some cases, sustain a full denial-of-service condition against printing resources...

A subtle race-condition bug in the Linux kernel’s fscache subsystem — tracked as CVE-2024-45000 — can allow the kernel to dereference a NULL pointer and crash, producing a denial-of-service condition on affected systems. The flaw stems from a missing check of the cookie access counter (the...

ClamAV users and defenders should treat the latest PDF-parsing weakness, tracked as CVE-2024-20505, as a production risk: a crafted PDF can trigger an out‑of‑bounds read in the ClamAV PDF parser that reliably crashes the scanner process and produces a denial‑of‑service (DoS) condition unless...

A critical availability weakness in Go’s standard library — tracked as CVE-2024-34156 — lets an attacker reliably crash a process that decodes untrusted gob data by driving the decoder into stack exhaustion. The flaw is simple in concept but serious in consequence: calling encoding/gob’s...

The open-source Node.js middleware body-parser has a high‑severity denial‑of‑service issue when parsing URL‑encoded request bodies; projects using versions earlier than 1.20.3 should treat this as urgent: upgrade immediately or apply strong mitigations to avoid resource‑exhaustion attacks...

The glibc library’s getaddrinfo implementation suffered a subtle — but operationally important — regression in late 2023 that introduced a memory leak capable of producing denial‑of‑service conditions in networked services: CVE‑2023‑5156 is a memory‑leak bug in getaddrinfo.c, introduced as a...

A subtle but consequential bug in the GNU C Library’s name-resolution path — tracked as CVE-2023-4806 — exposed a rare use‑after‑free in getaddrinfo() that can crash networked applications and, in realistic scenarios, be abused for denial of service. The issue is notable not because it’s easy to...

A critical denial-of-service vulnerability in the libvpx VP9 encoder — tracked as CVE-2023-44488 — allows specially crafted input to crash the encoder in libvpx versions prior to 1.13.1, posing a real availability risk for any service or application that performs VP9 encoding or otherwise embeds...