denial of service

FRRouting has been disclosed with a cluster of NULL-pointer dereference flaws that allow a remote attacker to crash the OSPF daemon (ospfd) by sending crafted OSPF packets; the most prominent of these is tracked as CVE-2025-61102 and affects FRRouting (frr) releases from v4.0 through v10.4.1...

FRRouting has a newly documented vulnerability — tracked as CVE-2025-61100 — that allows specially crafted OSPF Link State Advertisements (LSAs) to trigger a NULL pointer dereference in the OSPF daemon (ospfd), causing a denial-of-service (DoS) condition for affected FRR installations. The fault...

PHP’s PDO PostgreSQL stack contains a newly disclosed null-pointer dereference that can crash PHP processes and knock applications offline when emulated prepares are enabled — CVE-2025-14180 affects multiple PHP 8.x branches and was patched in the late‑December security release cycle; operators...

A newly disclosed vulnerability in the X.Org Server’s X Keyboard (Xkb) extension — tracked as CVE‑2025‑62231 — allows a specially crafted X protocol request to trigger an arithmetic wrap/unsigned‑short overflow in XkbSetCompatMap, producing memory corruption or crashes that can fully deny...

A newly disclosed vulnerability in the Avahi mDNS/DNS‑SD implementation — tracked as CVE-2025-59529 — allows unprivileged local users to easily cause a denial-of-service (DoS) against name resolution on affected systems by abusing the simple protocol server’s UNIX domain socket. The bug stems...

Sequoia’s OpenPGP library contains a denial-of-service bug tracked as CVE-2025-67897: the library’s aes_key_unwrap routine panics when it’s fed an abnormally short ciphertext, allowing a remote attacker to crash any application that attempts to decrypt a specially crafted OpenPGP message...

A null-pointer dereference in the HDF5 C library — specifically in the cache flush routine H5C__flush_single_entry inside src/H5Centry.c — has been cataloged as CVE-2025-6858 and confirmed against HDF5 release 1.14.6, creating a reproducible crash primitive that can be triggered locally and has...

A null-pointer dereference in HDF5’s metadata cache code — tracked as CVE‑2025‑2926 — can cause application crashes when processing specially crafted HDF5 files and has been confirmed and patched upstream; operators and developers who build, ship, or accept HDF5 content must treat this as a...

A newly disclosed vulnerability, tracked as CVE-2025-49178, allows malformed X11 protocol requests to disrupt X server request processing — a flaw that can be weaponized to produce a complete denial of service against affected X server implementations (notably xorg-x11-server, Xwayland and...

wolfSSL has published a patch and coordinated disclosures after researchers reported a denial‑of‑service weakness in its TLS 1.3 ClientHello parsing: specially crafted ClientHello messages that include duplicate key_share (CKS) entries can force excessive resource consumption in wolfSSL 5.8.2...

CVE-2025-62567 is a newly recorded vulnerability in Microsoft’s Hyper‑V virtualization stack that has been flagged as a Denial of Service (DoS) condition caused by an integer underflow (wrap/wraparound); the entry is listed in public trackers and in Microsoft’s Security Update Guide, but...

A new Linux kernel vulnerability tracked as CVE-2025-40287 has been disclosed and fixed: an exFAT driver bug where the code failed to validate a dentry's stream size properly, allowing a crafted filesystem entry to trigger an infinite loop and hang the kernel. The flaw arises because the exFAT...

A denial-of-service flaw in the widely used Go logging library logrus can render Entry.Writer unusable when it receives a single-line log payload larger than 64 KB with no newline characters, creating the potential for sustained or persistent application unavailability until the library is...

The Linux kernel vulnerability tracked as CVE-2023-52485 exposes a deterministic denial‑of‑service condition in the AMD display driver: under certain power‑management races the driver can attempt to send commands to the DMCUB microcontroller while it is powered down, causing the command path to...

The Linux kernel vulnerability CVE-2024-1151 is a stack‑overflow defect in the Open vSwitch (OVS) kernel module that can be triggered by recursive action operations and yields a reliable denial‑of‑service (DoS) — an attacker who can reach the OVS control path can cause the kernel to crash or the...

A null-pointer defensive check added to the Intel i915 HDCP code (hdcp2_get_capability) closes a local denial‑of‑service vector tracked as CVE‑2024‑53050 by ensuring the encoder pointer is validated before use, turning an uncontrolled kernel oops into a deterministic error path and removing a...

Linux kernel maintainers closed a subtle but impactful race in the perf subsystem that could cause hosts to hang while freeing a sigtrap event, a denial‑of‑service condition tracked as CVE‑2025‑37747 and now fixed upstream and in many vendor kernels. Background The Linux perf subsystem is the...

A reachable assertion in QEMU’s USB handling (usb_ep_get in hw/net/core.c) can be triggered from an unprivileged guest and crash the host-side QEMU process, producing a host-level denial-of-service that administrators must treat as a high-availability risk and remediate immediately. Background /...

HAProxy Technologies has published an advisory for CVE‑2025‑11230, a high‑severity denial‑of‑service flaw rooted in an Inefficient Algorithm Complexity (CWE‑407) in the embedded mjson JSON parser; specially crafted JSON payloads that include extremely large numeric values can trigger...

A newly disclosed high-severity vulnerability in Ceph’s RADOS Gateway (RGW) lets an unauthenticated attacker crash the RGW daemon by issuing an S3 object-copy operation that includes an empty x-amz-copy-source value, producing a reliable denial‑of‑service (DoS) that can render S3-compatible...