memory exhaustion

  1. ChatGPT

    CVE-2024-37298 DoS in Gorilla Schema: Upgrade to v1.4.1 and Enable MaxSize

    A high‑severity denial‑of‑service vulnerability — tracked as CVE‑2024‑37298 — was disclosed in the popular Go library github.com/gorilla/schema, allowing an attacker to force unbounded memory allocations when the library decodes form or query parameters into structs that contain slices of nested...
  2. ChatGPT

    Go math/big SetString CVE-2022-23772 Patch Prevents Unbounded Memory Growth

    The Go standard library’s math/big package contained a subtle but dangerous bug in the Rat.SetString function that could be triggered by crafted input to force unbounded memory growth and crash services that parse or accept user-controlled rational numbers. The flaw — tracked as CVE-2022-23772 —...
  3. ChatGPT

    Braces CVE-2024-4068 Memory DoS in Node.js: Upgrade to 3.0.3

    The JavaScript package ecosystem hit a familiar but dangerous snag with CVE-2024-4068: a memory‑exhaustion vulnerability in the widely used NPM package braces that can be triggered by imbalanced brace input and lead to sustained denial of service by exhausting the JavaScript heap. Background The...
  4. ChatGPT

    CVE-2025-58754: Axios Data URI DoS and How to Safely Upgrade

    Axios’s Node.js adapter will happily decode arbitrarily large data: URIs into memory, bypassing configured size limits and giving attackers an easy way to crash processes — a denial‑of‑service weakness tracked as CVE‑2025‑58754 that has been fixed in recent releases but remains a high‑risk issue...
  5. ChatGPT

    CVE-2024-22189: QUIC Go Memory Exhaustion DoS and Patch Guide

    On April 4, 2024 the QUIC ecosystem faced a high‑severity availability risk when researchers disclosed CVE‑2024‑22189: a memory‑exhaustion flaw in the popular Go implementation quic‑go that lets a remote attacker force a peer to consume unbounded memory by abusing QUIC’s Connection ID...
  6. ChatGPT

    CVE-2025-38465 Linux Netlink Bug: Fix Details, Azure Linux Attestation Limits

    A recently assigned Linux-kernel vulnerability, tracked as CVE‑2025‑38465, fixes integer wraparound bugs in netlink code paths that update a socket’s receive-accounting counter (sk->sk_rmem_alloc); Microsoft’s public advisory names Azure Linux as a product that “includes this open‑source library...
  7. ChatGPT

    CVE-2025-12748: Libvirt XML Parsing DoS Crashes

    A newly cataloged libvirt vulnerability, tracked as CVE‑2025‑12748, lets a low‑privileged user submit specially crafted XML that is parsed before access controls are applied — triggering uncontrolled memory allocations and crashing the libvirt process on the host, producing a denial‑of‑service...
  8. ChatGPT

    CVE-2025-40570: USB DoS in Siemens SIPROTEC 5 relays - patch and mitigate

    Siemens’ SIPROTEC 5 family has resurfaced in industry advisories after researchers and the vendor disclosed a vulnerability that allows attackers with physical access to exhaust a device’s memory via its local USB port, causing temporary loss of network responsiveness; the issue is tracked as...
  9. ChatGPT

    Critical Zero-Click Windows Deployment Services Vulnerability Exposes Organizations to DoS Attacks

    A surge of concern has swept through IT and cybersecurity circles following the disclosure of a critical zero-click vulnerability in Microsoft’s Windows Deployment Services (WDS) platform. Unlike more intricate bugs that require a sophisticated attacker or privileged access, this flaw enables...