Denial of Service

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. [CVSS 5.5 MEDIUM]

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a Denial of Service (...

Navidrome versions prior to 0.60.0 allow authenticated users to trigger denial of service by requesting image resizing with extremely large parameters, causing uncontrolled memory allocation and potential disk exhaustion. Public exploit code exists for this vulnerability, which can crash the server process via the OOM killer or fill the cache directory with massive files. An attacker with valid credentials can achieve complete service outage without administrative privileges.

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the...

Jazz Reporting Service versions up to 7.0.3 is affected by allocation of resources without limits or throttling (CVSS 3.5).

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service. [CVSS 5.3 MEDIUM]

Apollo Server's standalone mode (versions 2.0.0-3.13.0, 4.2.0-4.12.x, and 5.0.0-5.3.x) is vulnerable to denial of service attacks when processing GraphQL requests with non-standard character set encodings, allowing unauthenticated remote attackers to crash the service. This vulnerability only affects direct usage of startStandaloneServer and does not impact applications using Apollo Server through integration packages. No patch is currently available.

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. [CVSS 7.5 HIGH]

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). [CVSS 6.5 MEDIUM]

Apko versions 0.14.8 through 1.1.0 are vulnerable to denial of service when processing APK packages from untrusted repositories due to missing decompression limits in the ExpandApk function. An attacker controlling a compromised APK repository can provide a malicious small, highly-compressed package that expands into a massive tar stream, exhausting disk space and CPU resources on the build host. The vulnerability affects Golang and Apko products and has been patched in version 1.1.1.

Resource exhaustion in Apko versions 0.14.8 through 1.0.x allows local attackers to cause denial of service by supplying a malicious APK archive with excessive gzip-compressed data that forces unbounded decompression work. The expandapk.Split function fails to impose limits on gzip inflation, enabling attackers to exhaust CPU resources and trigger process timeouts when parsing attacker-controlled APK streams. This issue is resolved in version 1.1.0.

RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure or crashes on IoT devices.

A denial of service vulnerability in the Linux kernel's writeback mechanism allows local users with standard privileges to cause indefinite hangs in wait_sb_inodes() when interacting with faulty FUSE servers that fail to respond to write requests. The vulnerability stems from improper handling of mappings without data integrity semantics, which should be skipped during synchronization operations but are instead waited upon indefinitely. An attacker controlling a malfunctioning FUSE server can exploit this to freeze system operations that depend on filesystem synchronization.

The Linux kernel uacce driver improperly validates callback function implementations before creating isolation policy sysfs files, allowing local users with sufficient privileges to trigger a system crash by accessing unimplemented callback functions. This denial of service vulnerability affects systems where device isolation is configured but callback functions are incompletely implemented. No patch is currently available.

Linux kernel null pointer dereference in the tracing subsystem causes a denial of service when synthetic events reference stacktrace fields from other synthetic events. Local users with tracing permissions can trigger a kernel crash by creating chained synthetic events that pass stacktrace data between them. No patch is currently available for this vulnerability.

The GICv3 interrupt controller driver in the Linux kernel on 32-bit systems with CONFIG_ARM_LPAE can truncate physical memory addresses above the 4GB limit when storing them in 32-bit variables, potentially causing system crashes or memory corruption. A local attacker with kernel-level privileges could trigger this condition through memory allocation patterns that force addresses into higher physical memory ranges. This vulnerability affects Linux systems using ARM Large Physical Address Extension with 32-bit address space configurations.

A null pointer dereference vulnerability in the Linux kernel's be2net driver allows local users with low privileges to cause a denial of service by triggering a crash through improper parameter handling in the be_cmd_get_mac_from_list() function. The vulnerability occurs when the driver passes both a false pmac_id_valid flag and a NULL pointer to this function, causing the kernel to dereference the invalid pointer. No patch is currently available for this issue.

The Linux kernel's CAN gs_usb driver contains a denial of service vulnerability where failure to submit a USB request results in an anchored URB that is never released, causing the device close function to hang indefinitely. A local attacker with USB device access can trigger this condition by causing usb_submit_urb() to fail, blocking system operations. No patch is currently available for this medium-severity flaw.

A null pointer dereference in the Linux kernel's net/sched act_ife module allows local users with low privileges to cause a denial of service through a kernel crash when the ife_encode() function fails to validate return values. The vulnerability affects the traffic control scheduling subsystem and requires local access to trigger.

Linux kernel UACCE subsystem is vulnerable to a null pointer dereference that causes a denial of service when queue release and device removal operations execute concurrently during system shutdown. A local attacker with standard user privileges can trigger this condition by forcing accelerator queue cleanup while the device is being removed, crashing the kernel. No patch is currently available.

The hp-bioscfg driver in the Linux kernel contains a null pointer dereference vulnerability triggered by an off-by-one error and missing NULL checks in the GET_INSTANCE_ID macro when accessing BIOS configuration sysfs attributes. Local users with unprivileged access can trigger a kernel panic by reading certain attribute files, causing denial of service during BIOS configuration operations. No patch is currently available for this vulnerability.

The Linux kernel's authencesn crypto module fails to validate minimum AAD (Associated Authenticated Data) length, allowing local attackers with unprivileged access to trigger a NULL pointer dereference and kernel panic by submitting specially crafted authentication requests with oversized AAD parameters. This denial-of-service vulnerability affects systems running vulnerable Linux kernel versions and requires local access to exploit. No patch is currently available.

Unauthenticated remote attackers can crash Cisco TelePresence Collaboration Endpoint and RoomOS devices by sending specially crafted text through meeting invitations or similar channels, exploiting insufficient input validation in the text rendering subsystem. The vulnerability requires no user interaction and causes device reloads resulting in denial of service. No patch is currently available.

In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data.

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL.

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns -ENODEV), the error path calls bnxt_free_hwrm_resources() which destroys the DMA pool and sets bp->hwrm_dma_pool to NULL.

A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]

Ingress-nginx's validating admission controller is vulnerable to denial of service through memory exhaustion when processing oversized requests, enabling authenticated attackers to crash the controller pod or exhaust node memory. The vulnerability requires valid credentials but no user interaction, affecting deployments relying on this validation feature. No patch is currently available.

Cloud Pak For Business Automation versions up to 24.0.0 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service or corrupt existing data due (CVSS 5.4).

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation. This issue has been patched in...

Qwik JavaScript framework prior to 1.19.0 has a prototype pollution vulnerability that can lead to server-side code execution in SSR applications.

VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. [CVSS 7.5 HIGH]

Konica Minolta FTP Utility 1.0 has a second buffer overflow in the NLST command, providing an additional RCE vector alongside the LIST vulnerability.

Konica Minolta FTP Utility 1.0 has a buffer overflow in the LIST command allowing remote attackers to execute code on systems running the utility.

Filetto 1.0 FTP server has a denial of service vulnerability in FEAT command processing causing uncontrolled resource consumption.

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). [CVSS 7.5 HIGH]

Fast DDS (eProsima) has a heap buffer overflow in its C++ DDS implementation that allows remote attackers to execute code through crafted DDS protocol messages.

Iccdev versions prior to 2.3.1.2 are vulnerable to denial of service when processing malformed ICC color profiles with invalid image encoding type values, causing application crashes due to type confusion. The vulnerability is remotely triggerable and public exploit code is available. A patch is available in version 2.3.1.2 and later.

TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request processing, allowing a network-adjacent attacker with high privileges to crash the web service. An attacker exploiting this vulnerability can render the device's web interface temporarily unavailable until manual recovery or reboot occurs. No patch is currently available.

A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 is affected by classic buffer overflow (CVSS 6.5).

TOTOLINK A950RG router firmware has a buffer overflow in setUrlFilterRules that allows remote attackers to execute code through the router's management interface.

An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions. [CVSS 7.5 HIGH]

Denial of service in jsPDF prior to version 4.1.0 occurs when malicious BMP files with oversized dimension headers are processed by the addImage or html methods, causing excessive memory allocation and application crashes. Public exploit code exists for this vulnerability. Organizations using jsPDF should upgrade to version 4.1.0 or later to remediate the issue.

Transient DOS when processing a received frame with an excessively large authentication information element. [CVSS 6.5 MEDIUM]

Libsoup's multipart HTTP response parser contains a stack buffer overflow stemming from faulty length validation, enabling remote attackers to trigger memory corruption and potentially execute arbitrary code without authentication. Applications using libsoup to process untrusted server responses face crash or code execution risks. No patch is currently available.

SoupServer's improper handling of HTTP requests combining Transfer-Encoding: chunked and Connection: keep-alive headers enables remote attackers to smuggle malicious requests over persistent connections without authentication. This HTTP request smuggling vulnerability can cause denial-of-service conditions and unintended request processing by exploiting the server's failure to properly close connections per RFC 9112. No patch is currently available.

Local denial of service in libxml2's xmllint interactive shell allows an unprivileged local user to exhaust system memory by repeatedly submitting whitespace-only input, which triggers a memory leak that accumulates until the process terminates. The vulnerability stems from improper buffer deallocation when command execution is skipped for whitespace input. No patch is currently available.

Unbounded external image fetching in Hugging Face text-generation-inference 3.3.6 VLM mode enables unauthenticated remote attackers to exhaust system resources through malicious Markdown image links in API requests. The router fetches and loads entire image files into memory during input validation regardless of subsequent token limit rejections, causing memory inflation, bandwidth saturation, and potential denial of service on unprotected deployments. This vulnerability affects default configurations lacking authentication and memory limits, with no patch currently available.

A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. [CVSS 5.7 MEDIUM]

The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. [CVSS 5.3 MEDIUM]

Unauthenticated clients can invoke resource-intensive Socket.IO events in lollms 5.9.0 due to missing authentication checks in the event handler registration, allowing attackers to trigger denial of service and state corruption. The vulnerability is compounded by improper use of global state flags in multi-client environments, enabling attackers to interfere with legitimate client operations and manipulate server state through race conditions. No patch is currently available for this high-severity flaw affecting the AI/ML framework.

Improper input validation in Modem firmware (Nr16, Nr15, Nr17r, Nr17) enables remote denial of service attacks when devices connect to attacker-controlled base stations. An unauthenticated attacker can trigger a system crash without user interaction or special privileges. No patch is currently available for this vulnerability.

The Nr15 modem is susceptible to a denial-of-service attack through improper input validation when connecting to a rogue base station, allowing an attacker to trigger a system crash without requiring user interaction or special privileges. An unauthenticated attacker within radio proximity can exploit this vulnerability to render affected modems unresponsive. No patch is currently available for this issue.

Improper error handling in the modem component of Nr15, Nr16, and Nr17 devices enables denial of service attacks when a device connects to an attacker-controlled base station. An unauthenticated remote attacker can trigger a system crash without user interaction, and no patch is currently available. The vulnerability affects all Nr-series products with a CVSS score of 6.5.

An uncaught exception in WLAN AP/STA firmware for NBIoT SDK, OpenWrt, and related development kits enables adjacent network attackers to trigger a denial of service condition that renders the system unresponsive without requiring authentication or user interaction. The vulnerability affects multiple wireless products and has no available patch at this time, presenting a medium-severity risk in networked environments.

Android versions up to 15.0 contains a vulnerability that allows attackers to local denial of service if a malicious actor has already obtained the System pri (CVSS 5.5).

A use-after-free vulnerability in Android's cameraisp component allows privilege escalation to local denial of service for attackers with system-level access, requiring no user interaction. The flaw enables malicious actors to manipulate memory safety boundaries and execute arbitrary actions within the camera service context. No patch is currently available for this vulnerability.

Nr15 versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.5).

A missing bounds check in the Modem component affecting Nr17r, Nr16, Nr15, and Nr17 devices enables remote denial of service attacks when a user connects to an attacker-controlled base station, causing system crashes without requiring user interaction or elevated privileges. The vulnerability allows unauthenticated attackers on the same network segment to crash affected devices remotely. No patch is currently available for this vulnerability.

Denial of service attacks against Nr15, Nr16, and Nr17 modems are possible through improper input validation when a device connects to an attacker-controlled base station. An unauthenticated attacker can trigger a system crash without requiring user interaction or special privileges. No patch is currently available for this vulnerability.

Modem firmware versions Nr15, Nr16, Nr17, and Nr17r are susceptible to denial of service attacks due to insufficient bounds checking in memory operations. An attacker controlling a rogue base station can trigger a system crash on connected devices without requiring authentication or user interaction. No patch is currently available for this vulnerability.

The Nr15 Modem lacks proper input validation in message handling, allowing an attacker controlling a rogue base station to trigger a denial of service condition and crash the system without requiring user interaction or special privileges. This vulnerability affects any device connecting to the compromised base station and currently lacks a vendor patch.

Nr15 modem suffers from an uncaught exception vulnerability that allows remote attackers to trigger a denial of service by connecting a device to a malicious base station. No special privileges or user interaction are required to exploit this network-based flaw. A patch is not currently available.

Remote denial of service in Open5GS up to version 2.7.6 allows unauthenticated attackers to trigger a reachable assertion in the SGWC component by manipulating PDR arguments in the sgwc_tunnel_add function. Public exploit code exists for this vulnerability, and no patch is currently available despite reports indicating a fix is planned.

Open5GS versions up to 2.7.6 contain a reachable assertion vulnerability in the CreateBearerRequest handler that allows unauthenticated remote attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to service availability, with a CVSS score of 5.3.

Open5GS versions up to 2.7.6 contain a reachable assertion vulnerability in the SGWC S11 handler that can be triggered remotely without authentication to cause a denial of service. Public exploit code exists for this vulnerability, and while a patch is reported as already-fixed, it remains unavailable for affected deployments.

SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files.

The 3com 3c59x driver in the Linux kernel is susceptible to a null pointer dereference in the vortex_probe1() function when pdev is null, potentially causing a denial of service through system crash or hang. A local attacker with unprivileged access can trigger this condition during driver initialization. A patch is available to resolve this issue.

A NULL pointer dereference in the Linux kernel's Marvell Prestera driver occurs when devlink_alloc() fails to allocate memory, as the code does not validate the returned pointer before dereferencing it. A local attacker with unprivileged access can trigger a kernel crash by exhausting memory or forcing allocation failures. A patch is available to add proper NULL pointer validation before dereferencing the devlink object.

The Linux kernel idpf driver fails to properly handle initialization errors during driver load, leaving the system in an inconsistent state where subsequent resets trigger a null pointer dereference crash. Local users with administrative privileges can cause a denial of service by triggering conditions that cause the init_task to fail, such as rejected firmware operations. No patch is currently available for this medium-severity vulnerability.

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id.

In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account, and apparently I did not end up running the shrinker callback when I sanity tested the driver before submission.

Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. [CVSS 7.5 HIGH]

Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash. [CVSS 7.5 HIGH]

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. [CVSS 6.5 MEDIUM]

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 5.3).

Db2 contains a vulnerability that allows attackers to cause a denial of service due to insufficient validation of special elements in (CVSS 6.5).

Db2 contains a vulnerability that allows attackers to cause a denial of service due to improper neutralization of special elements in (CVSS 6.5).

Db2 contains a vulnerability that allows attackers to a local user to cause a denial of service due to improper neutralization of spec (CVSS 6.5).

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. [CVSS 6.5 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. [CVSS 6.5 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination. [CVSS 6.5 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. [CVSS 6.2 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. [CVSS 6.2 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources. [CVSS 6.5 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. [CVSS 6.5 MEDIUM]

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to excessive use of a glo (CVSS 6.5).

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. [CVSS 6.5 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query. [CVSS 6.5 MEDIUM]