A logic bug in the Linux kernel’s Kvaser USB CAN driver has been fixed after being assigned CVE-2025-68308—a subtle off-by-one handling error in the command parsers that could cause an infinite parsing loop and result in a local denial-of-service on systems that interact with affected Kvaser USB...
MariaDB servers in multiple supported release lines can crash without producing an actionable backtrace, creating a deterministic denial‑of‑service (DoS) condition tied to query optimization paths — a bug tracked as CVE‑2023‑52969 in public vulnerability catalogs and triaged in MariaDB’s issue...
A remotely triggerable NULL pointer dereference in FRRouting’s OSPF implementation has been cataloged as CVE-2025-61099 and can crash the OSPF daemon (ospfd) when a crafted Link-State (LS) Update packet is processed while detailed OSPF packet debugging is enabled. The bug, present in upstream...
FRRouting (FRR) versions from v4.0 through v10.4.1 contain a NULL pointer dereference in the OSPF code that can be triggered by a crafted OSPF packet, allowing an attacker to crash the ospfd daemon and cause a Denial of Service (DoS) across affected deployments.
Background
FRRouting (commonly...
FRRouting has been disclosed with a cluster of NULL-pointer dereference flaws that allow a remote attacker to crash the OSPF daemon (ospfd) by sending crafted OSPF packets; the most prominent of these is tracked as CVE-2025-61102 and affects FRRouting (frr) releases from v4.0 through v10.4.1...
FRRouting has a newly documented vulnerability — tracked as CVE-2025-61100 — that allows specially crafted OSPF Link State Advertisements (LSAs) to trigger a NULL pointer dereference in the OSPF daemon (ospfd), causing a denial-of-service (DoS) condition for affected FRR installations. The fault...
PHP’s PDO PostgreSQL stack contains a newly disclosed null-pointer dereference that can crash PHP processes and knock applications offline when emulated prepares are enabled — CVE-2025-14180 affects multiple PHP 8.x branches and was patched in the late‑December security release cycle; operators...
A newly disclosed vulnerability in the X.Org Server’s X Keyboard (Xkb) extension — tracked as CVE‑2025‑62231 — allows a specially crafted X protocol request to trigger an arithmetic wrap/unsigned‑short overflow in XkbSetCompatMap, producing memory corruption or crashes that can fully deny...
A newly disclosed vulnerability in the Avahi mDNS/DNS‑SD implementation — tracked as CVE-2025-59529 — allows unprivileged local users to easily cause a denial-of-service (DoS) against name resolution on affected systems by abusing the simple protocol server’s UNIX domain socket. The bug stems...
Sequoia’s OpenPGP library contains a denial-of-service bug tracked as CVE-2025-67897: the library’s aes_key_unwrap routine panics when it’s fed an abnormally short ciphertext, allowing a remote attacker to crash any application that attempts to decrypt a specially crafted OpenPGP message...
A null-pointer dereference in the HDF5 C library — specifically in the cache flush routine H5C__flush_single_entry inside src/H5Centry.c — has been cataloged as CVE-2025-6858 and confirmed against HDF5 release 1.14.6, creating a reproducible crash primitive that can be triggered locally and has...
A null-pointer dereference in HDF5’s metadata cache code — tracked as CVE‑2025‑2926 — can cause application crashes when processing specially crafted HDF5 files and has been confirmed and patched upstream; operators and developers who build, ship, or accept HDF5 content must treat this as a...
A newly disclosed vulnerability, tracked as CVE-2025-49178, allows malformed X11 protocol requests to disrupt X server request processing — a flaw that can be weaponized to produce a complete denial of service against affected X server implementations (notably xorg-x11-server, Xwayland and...
wolfSSL has published a patch and coordinated disclosures after researchers reported a denial‑of‑service weakness in its TLS 1.3 ClientHello parsing: specially crafted ClientHello messages that include duplicate key_share (CKS) entries can force excessive resource consumption in wolfSSL 5.8.2...
CVE-2025-62567 is a newly recorded vulnerability in Microsoft’s Hyper‑V virtualization stack that has been flagged as a Denial of Service (DoS) condition caused by an integer underflow (wrap/wraparound); the entry is listed in public trackers and in Microsoft’s Security Update Guide, but...
A new Linux kernel vulnerability tracked as CVE-2025-40287 has been disclosed and fixed: an exFAT driver bug where the code failed to validate a dentry's stream size properly, allowing a crafted filesystem entry to trigger an infinite loop and hang the kernel. The flaw arises because the exFAT...
A denial-of-service flaw in the widely used Go logging library logrus can render Entry.Writer unusable when it receives a single-line log payload larger than 64 KB with no newline characters, creating the potential for sustained or persistent application unavailability until the library is...
The Linux kernel vulnerability tracked as CVE-2023-52485 exposes a deterministic denial‑of‑service condition in the AMD display driver: under certain power‑management races the driver can attempt to send commands to the DMCUB microcontroller while it is powered down, causing the command path to...
The Linux kernel vulnerability CVE-2024-1151 is a stack‑overflow defect in the Open vSwitch (OVS) kernel module that can be triggered by recursive action operations and yields a reliable denial‑of‑service (DoS) — an attacker who can reach the OVS control path can cause the kernel to crash or the...
A null-pointer defensive check added to the Intel i915 HDCP code (hdcp2_get_capability) closes a local denial‑of‑service vector tracked as CVE‑2024‑53050 by ensuring the encoder pointer is validated before use, turning an uncontrolled kernel oops into a deterministic error path and removing a...