You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
dos vulnerability
About this tag
The dos vulnerability tag on WindowsForum.com covers denial-of-service flaws in widely used software, including .NET, Redis, MySQL, GnuTLS, NASM, AVEVA PI Data Archive, and Rockwell Logix controllers. Discussions focus on CVE identifiers, root causes (e.g., out-of-bounds reads, assertion failures, uncaught exceptions), affected versions, and patch guidance from vendors like Microsoft, Oracle, and Rockwell. Recurring themes include the operational impact of DoS attacks on availability, the importance of timely patching, and mitigation strategies for both IT and OT environments. The tag is relevant for administrators and security professionals seeking to understand and remediate DoS vulnerabilities across diverse platforms.
Microsoft and multiple independent trackers disclosed a denial‑of‑service vulnerability tracked as CVE‑2026‑26127 that can crash .NET processes by triggering an out‑of‑bounds read in the .NET runtime, and Microsoft released servicing updates on Patch Tuesday, March 10, 2026, to address affected...
Redis administrators need to act now: a denial-of-service flaw tracked as CVE‑2025‑48367 allows an unauthenticated network connection to trigger repeated connection-level errors that can starve legitimate clients and render Redis instances unavailable until patched or otherwise mitigated. The...
Oracle’s MySQL Server was confirmed vulnerable to a Denial‑of‑Service and limited data‑modification issue when researchers publicly assigned CVE‑2025‑50085, a flaw rooted in the InnoDB storage engine that impacts a broad range of MySQL releases and requires high privileges to exploit over the...
A newly disclosed denial‑of‑service vulnerability in Oracle’s MySQL Server — tracked as CVE‑2025‑50080 — affects a broad range of MySQL releases and can cause sustained or persistent loss of availability by triggering hangs or repeated crashes in the server’s stored‑procedure handling code. The...
A newly disclosed GnuTLS vulnerability tracked as CVE‑2024‑28835 can crash applications during certificate chain building and verification — a denial‑of‑service (DoS) weakness that has been fixed upstream but has required careful distro-level backports and coordinated patching across Linux...
A segmentation fault in NASM’s ieee_segment routine quietly resurfaced as CVE‑2020‑21528: a small, narrowly scoped bug with outsized operational risk for build systems that accept untrusted assembly input. The flaw — rooted in outieee.c’s ieee_segment function — allowed a crafted assembly file...
AVEVA’s PI Data Archive has been the subject of coordinated security advisories after the vendor and U.S. authorities confirmed multiple denial-of-service class vulnerabilities that can be triggered by malformed or unexpected input and — in at least one case — by an uncaught exception that can...
On October 2024 advisories from both Rockwell Automation and the Cybersecurity and Infrastructure Security Agency (CISA) brought renewed attention to a family of denial‑of‑service vulnerabilities that affect the Logix family of controllers — including the widely deployed ControlLogix 5580 line —...
Rockwell Automation’s ArmorStart LT has been publicly flagged for multiple denial-of-service (DoS) vulnerabilities that can render affected motor controllers unresponsive, forcing manual recovery and potentially interrupting production lines. Rockwell’s SD1768 advisory lists nine CVE identifiers...
A recently published Linux kernel vulnerability, tracked as CVE-2023-53367, fixes a memory leak in the Habana Labs accelerator driver (drivers/accel/habanalabs) that can be triggered during the driver’s management of user mappings when contexts are opened and hard resets occur. The issue does...
A critical denial-of-service vulnerability has been disclosed in the ubiquitous Python HTTP client library urllib3 that allows a remote server to trigger excessive CPU and memory consumption by specifying an unbounded chain of content encodings in an HTTP response; the flaw affects urllib3...
Microsoft’s Security Update Guide lists CVE-2025-62465 as a DirectX Graphics Kernel denial-of-service (DoS) vulnerability that can be triggered by a local, authorized actor and that Microsoft has cataloged for remediation in its update feed. Background / Overview
CVE-2025-62465 is reported as a...
wolfSSL has patched a denial‑of‑service weakness in its TLS 1.3 handshake code after researchers discovered that a specially crafted ClientHello containing duplicate KeyShareEntry values for the same group can force excessive CPU and memory use during ClientHello processing, leading to...
Microsoft has published a security update addressing CVE-2025-60723, a race-condition vulnerability in the DirectX Graphics Kernel that can be manipulated by an authenticated, low‑privilege attacker to trigger a denial‑of‑service (DoS) on affected Windows hosts; Microsoft’s fix was released as...
Microsoft’s October security updates close a path to system instability in the DirectX graphics stack: CVE-2025-55698 is a null pointer dereference in the DirectX Graphics Kernel that can be triggered remotely by an authenticated, low-privileged attacker to cause a denial of service (DoS) and...
cve 2025 55698
denial of service
directx kernel
dosvulnerability
dxgkrnl
graphics-security
microsoft patch
patch management
privilege escalation
windows security
A denial-of-service weakness in ASP.NET Core identified as CVE-2023-36038 has forced .NET teams and Windows administrators to reassess the risk profile for applications running on the newest .NET 8 stack — particularly those hosted in IIS using the in‑process model — and to prioritize patching...
Schneider Electric has acknowledged a high-severity vulnerability in its Modicon M340 family and several M340 communication modules that can be triggered remotely by a specially crafted FTP command and may cause a denial-of-service condition; the flaw was assigned CVE‑2025‑6625 and carries a...
Siemens has confirmed a widespread denial-of-service (DoS) vulnerability affecting multiple models in the SIPROTEC 4 and SIPROTEC 4 Compact line that can be triggered remotely by an unauthenticated attacker during interrupted file-transfer operations; the issue is tracked as CVE-2024-52504 and...
Rockwell Automation’s FLEX 5000 I/O modules have been flagged in a fresh CISA advisory for a remotely exploitable input‑validation flaw that can render analog modules non‑responsive until a manual power cycle; the advisory names two CVEs, assigns a CVSS v4 base score of 8.7, and urges immediate...
A new alert has emerged from the Microsoft Security Response Center regarding CVE-2025-21179, a Denial-of-Service (DoS) vulnerability affecting the DHCP Client Service. While the published details remain succinct, Windows users and IT professionals alike should take note of the potential impact...