Skip to main content

Denial of Service

other MEDIUM

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions.

How It Works

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions. Attackers exploit asymmetry: minimal attacker effort produces disproportionate resource consumption on the target. Application-level attacks use specially crafted inputs that trigger expensive operations—a regex engine processing malicious patterns can backtrack exponentially, or XML parsers recursively expand entities until memory exhausts. Network-level attacks flood targets with connection requests or amplify traffic through reflection, but application vulnerabilities often provide the most efficient attack surface.

The attack typically begins with reconnaissance to identify resource-intensive operations or unprotected endpoints. For algorithmic complexity attacks, adversaries craft inputs hitting worst-case performance—hash collision inputs filling hash tables with collisions, deeply nested JSON triggering recursive parsing, or pathological regex patterns like (a+)+b against strings of repeated 'a' characters. Resource exhaustion attacks open thousands of connections, upload massive files to unbounded storage, or trigger memory leaks through repeated operations. Crash-based attacks target error handling gaps: null pointer dereferences, unhandled exceptions in parsers, or assertion failures that terminate processes.

Impact

  • Service unavailability preventing legitimate users from accessing applications during attack duration
  • Revenue loss from downtime in e-commerce, SaaS platforms, or transaction processing systems
  • Cascading failures as resource exhaustion spreads to dependent services or database connections pool out
  • SLA violations triggering financial penalties and damaging customer trust
  • Security team distraction providing cover for data exfiltration or intrusion attempts running concurrently

Real-World Examples

CVE-2018-1000544 in Ruby's WEBrick server allowed ReDoS through malicious HTTP headers containing specially crafted patterns that caused the regex engine to backtrack exponentially, freezing request processing threads. A single attacker could saturate all available workers.

Cloudflare experienced a global outage in 2019 when a single WAF rule containing an unoptimized regex hit pathological cases on legitimate traffic spikes. The .*(?:.*=.*)* pattern exhibited catastrophic backtracking, consuming CPU cycles across their edge network until the rule was disabled.

CVE-2013-1664 demonstrated XML bomb vulnerabilities in Python's XML libraries. Attackers uploaded XML documents with nested entity definitions-each entity expanding to ten copies of the previous level. A 1KB upload could expand to gigabytes in memory during parsing, crashing applications instantly.

Mitigation

  • Strict input validation enforcing size limits, complexity bounds, and nesting depth restrictions before processing
  • Request rate limiting per IP address, API key, or user session with exponential backoff
  • Timeout enforcement terminating operations exceeding reasonable execution windows (typically 1-5 seconds)
  • Resource quotas limiting memory allocation, CPU time, and connection counts per request or tenant
  • Regex complexity analysis using linear-time algorithms or sanitizing patterns to eliminate backtracking
  • Circuit breakers automatically rejecting requests when error rates or latency thresholds indicate degradation
  • Load balancing and autoscaling distributing traffic across instances with automatic capacity expansion

Recent CVEs (36508)

EPSS 0% CVSS 8.5
HIGH PATCH This Week

Missing authorization checks in Argo Workflows v4.0.0-4.0.4 allow any authenticated user-even those with fake Bearer tokens-to create, read, update, and delete Kubernetes ConfigMaps containing workflow synchronization limits. The ConfigMap-backed sync provider (server/sync/sync_cm.go) completely omits auth.CanI permission validation on all four CRUD endpoints. Publicly available exploit code exists (detailed PoC in advisory). CVSS 8.5 reflects network-accessible authentication bypass enabling high integrity/availability impact through denial-of-service and arbitrary ConfigMap manipulation. Patch released in version 4.0.5 adding checkConfigMapPermission() calls to validate Kubernetes RBAC before operations.

Authentication Bypass Denial Of Service Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Incus before version 7.0.0 allows authenticated users to exhaust host disk space through unbounded uploads via instance backup import, storage bucket import, storage volume backup import, and storage volume ISO import endpoints. The daemon streams HTTP request bodies directly into temporary files using io.Copy without enforcing maximum request size limits, enabling denial of service on the host system or shared storage in multi-tenant deployments. Public proof-of-concept code demonstrates sustained disk exhaustion by streaming null bytes through application/octet-stream endpoints.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in Incus daemon via nil pointer dereference when restoring backup archives with valid inline backup/index.yaml but malformed legacy backup/container/backup.yaml omitting the container section. An authenticated user with backup import permissions can crash the daemon by crafting a backup archive that passes preflight validation but triggers nil dereference during the restore phase after archive extraction. CVSS 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) - confirmed by 7asecurity with proof-of-concept test cases.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Incus versions up to 6.23.0 allow authenticated users to trigger denial of service by uploading crafted image or backup tarballs containing oversized YAML metadata files that consume excessive server memory during parsing. When metadata.yaml or backup/index.yaml entries declare large sizes in the tar header, the YAML decoder reads and allocates 5-6x the input size without limits, potentially exhausting memory on constrained daemons; a 200 MB YAML entry may trigger 1.2 GB of heap allocations. Vendor-released patch available in v7.0.0.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Nil-pointer dereference in Incus daemon S3 storage bucket import allows authenticated users to crash the daemon by uploading a truncated or corrupted tar backup file. The TransferManager.UploadAllFiles function fails to handle non-EOF errors from tar parsing, causing a panic when hdr is nil. Vendor-released patch available in v7.0.0.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Incus prior to version 7.0.0 allows authenticated users to crash the Incus daemon by importing a maliciously crafted backup archive with physical snapshot directories but tampered metadata arrays. The vulnerability stems from an incorrect bounds check (len(slice) >= i-1 instead of len(slice) > i) in the backup restore and migration code paths, enabling out-of-bounds array access that triggers a runtime panic. Repeated exploitation keeps the Incus service offline, confirmed by a publicly available proof-of-concept.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unbounded cache growth in @fastify/accepts-serializer versions ≤6.0.3 allows remote unauthenticated attackers to exhaust Node.js heap memory by sending numerous distinct Accept header variants, crashing the application. The plugin caches serializer selections keyed by Accept header without size limits, enabling trivial memory exhaustion attacks against any exposed Fastify endpoint. Fix available in version 6.0.4, which implements an LRU cache with 100-entry default limit. No public exploit code identified at time of analysis, but attack is straightforward to execute with basic HTTP tools.

Denial Of Service Node.js
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial-of-service condition in Conditional Fields for Contact Form 7 WordPress plugin allows remote unauthenticated attackers to crash PHP processes by injecting arbitrarily large iteration values through REST API parameters. The Wpcf7cfMailParser class processes user-supplied POST data without validation, enabling attackers to trigger unbounded loops with multiple regex operations that exhaust server memory. Affects all versions through 2.6.7 with vendor patch now available. EPSS data not provided, but the network-accessible unauthenticated attack vector (AV:N/PR:N) combined with low complexity (AC:L) indicates straightforward exploitation potential against publicly accessible WordPress sites running this plugin.

Denial Of Service PHP WordPress
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial of service in CImg Library prior to version 3.7.5 allows local attackers to crash applications via crafted BMP files with oversized nb_colors header fields. The vulnerability stems from unchecked allocation of memory based on user-supplied file header data, causing out-of-memory conditions when loading untrusted BMP files. No authentication or network access required; user interaction (file opening) is the sole prerequisite.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Heap buffer overflow in BusyBox udhcpc6 (DHCPv6 client) allows network-adjacent attackers to achieve remote code execution or denial of service on embedded systems. The vulnerability stems from incorrect heap buffer allocation in option_to_env() when parsing D6_OPT_DNS_SERVERS options in DHCPv6 responses. Particularly dangerous on embedded devices lacking heap hardening protections. Fixed in commit 42202bf. No active exploitation confirmed (not in CISA KEV), but publicly available proof-of-concept from VulnCheck disclosure increases real-world risk for IoT and embedded deployments.

RCE Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Memory exhaustion in Prometheus remote read endpoint allows unauthenticated attackers to crash the monitoring server via maliciously crafted snappy-compressed payloads. The /api/v1/read endpoint in versions prior to 3.5.3 and 3.11.3 accepts compressed request bodies without validating the declared decoded length, enabling a 5-byte payload claiming 256 MiB decoded size to trigger massive heap allocations. Concurrent requests can exhaust memory and crash the Prometheus process. EPSS data not provided; no evidence of active exploitation (not in CISA KEV). Vendor-released patches available in versions 3.5.3 and 3.11.3.

Denial Of Service Prometheus
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in the Postfix mail transfer agent (before 3.8.16, 3.9.x before 3.9.10, and 3.10.x before 3.10.9) lets attackers crash the process through a malformed enhanced status code that ends immediately after the third numeric component with no trailing text, triggering a buffer over-read. The flaw affects availability only - no data exposure or code execution - and has no public exploit identified at time of analysis. EPSS is very low (0.04%, 11th percentile) and CISA SSVC rates exploitation as none and non-automatable, consistent with a crash-only bug.

Denial Of Service Postfix
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Nil-pointer dereference in Incus daemon's custom volume backup import logic allows authenticated users to crash the service by supplying a malformed backup archive containing null entries in the volume_snapshots array, enabling repeated denial of service attacks. The vulnerability exists in the CreateCustomVolumeFromBackup function which fails to validate snapshot pointers before dereferencing them during import operations. CVSS 6.5 (authenticated network access, high availability impact); no public exploit code or active exploitation reported at analysis time, but proof-of-concept demonstration included in advisory.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Nil-pointer dereference in Incus daemon's storage bucket import logic allows authenticated users to crash the daemon by submitting a malformed bucket backup archive with a missing config section in index.yaml, enabling denial of service through repeated exploitation. The vulnerability affects Incus versions prior to 7.0.0 and requires valid storage bucket feature access but no special privileges beyond authenticated user status.

Null Pointer Dereference Denial Of Service Python +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Apache OpenNLP versions before 2.5.9 and 3.0.0-M3 allows unauthenticated attackers to crash JVM processes by uploading malicious .bin model files that trigger OutOfMemoryError through unbounded array allocation. Exploitation requires no authentication (AV:N/AC:L/PR:N) and affects any code path deserializing binary model files from untrusted sources. EPSS score of 0.02% (5th percentile) suggests low widespread exploitation risk, and no active exploitation or public POC has been identified at time of analysis. Vendor-released patches are available with default safeguards limiting count fields to 10 million entries.

Denial Of Service Apache Deserialization +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote attackers can crash Apache HTTP Server 2.4.66 and earlier by sending malicious requests that trigger a NULL pointer dereference in mod_dav_lock, causing denial of service. The vulnerability affects only servers with mod_dav_lock enabled, a legacy module whose primary use-case (Apache Subversion < 1.2.0) is obsolete in modern deployments. CISA SSVC indicates no active exploitation, but the attack is automatable against susceptible configurations. CVSS 7.5 (High) reflects network-accessible, unauthenticated denial of service, though real-world impact is limited to the small subset of servers still running mod_dav_lock.

Null Pointer Dereference Denial Of Service Apache +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Null pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows unauthenticated remote attackers to crash child processes in caching forward proxy configurations, resulting in denial of service. The vulnerability has CVSS 5.3 (medium) with network accessibility and no authentication required, but is limited to partial availability impact affecting only specific proxy deployments. Vendor-released patch: version 2.4.67.

Red Hat Suse Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper handling of the track_id argument in the VvcVpsUnit::setFPS function allows local authenticated attackers to trigger an availability impact. Publicly available exploit code exists; however, the vulnerability affects only unsupported legacy versions and requires local access with user-level privileges, limiting real-world exposure.

Denial Of Service Tsmuxer
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper input validation in the HevcVpsUnit::setFPS function allows local authenticated attackers to crash the application by manipulating the track_id argument. The vulnerability affects only unsupported product versions and carries a very low CVSS score (1.9), though publicly available exploit code exists.

Denial Of Service Tsmuxer
NVD VulDB GitHub
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.

Null Pointer Dereference Denial Of Service Mutt
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.

Denial Of Service Mutt
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via incorrect error handling when a user equipment device connects to a rogue base station, requiring no authentication or user interaction. The vulnerability affects a broad range of MediaTek cellular chipsets (MT6855, MT6985, MT8793, and others) and carries a CVSS 6.5 score reflecting network-adjacent attack vector and high availability impact. Patch MSV-6100 / MOLY01753620 is available from MediaTek.

Denial Of Service Mediatek Chipset
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Heap buffer overflow in MediaTek modem firmware allows remote denial of service when a device connects to an attacker-controlled base station. The vulnerability affects a wide range of MediaTek chipsets and can crash the modem without requiring user interaction or special privileges. No public exploit code has been identified, and CISA has not listed this in the Known Exploited Vulnerabilities catalog, though the low EPSS score (0.07%) suggests limited real-world exploitation likelihood despite the attack vector requiring only adjacent network access.

Denial Of Service Buffer Overflow Mediatek Chipset
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger an infinite loop via malformed SRv6 L3 Service attributes in BGP packets. The vulnerability exists in the SRv6L3ServiceAttribute.DecodeFromBytes function, which incorrectly advances a loop variable when processing unknown sub-TLV types, causing the parser to never exit the loop and exhaust system resources. Vendor-released patch available in version 4.4.0.

Denial Of Service Suse
NVD VulDB GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Velociraptor server versions before 0.76.4 are vulnerable to denial of service via resource exhaustion when a compromised or rogue client sends specially crafted messages through the agent control channel, causing out-of-memory conditions and server crashes. The vulnerability requires authenticated client access but can be triggered by any authenticated agent, making it a realistic threat in environments where client integrity cannot be guaranteed. CVSS score of 4.9 reflects high privileges required (PR:H) but complete availability impact.

Denial Of Service Suse
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service vulnerability in Assimp 6.0.2 via null pointer dereference in FBXMeshGeometry.cpp MeshGeometry constructor allows remote attackers to crash applications processing malicious FBX files. Requires user interaction (opening/processing a crafted file) but affects any application using the vulnerable library version. Publicly available exploit code exists; CVSS 6.5 reflects network attack vector with user interaction requirement.

Null Pointer Dereference Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of Service in FRRouting 10.0 through 10.6 allows remote unauthenticated attackers to crash the BGP daemon via a malformed BGP UPDATE message exploiting an integer underflow in next-hop capability processing. Upstream fix available in commit 693a2e0 but released patched version not independently confirmed. No public exploit identified at time of analysis, with EPSS score not provided suggesting low observed exploitation activity.

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote attackers can crash GoBGP v4.3.0 by sending a malformed BGP UPDATE message that triggers an out-of-bounds read in IPv6 extended community parsing. The flaw allows unauthenticated denial of service against default configurations with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, and EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. Upstream fixes available via GitHub commits 362cce3e and 9ce8936.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Assimp version 6.0.2 is vulnerable to denial of service through improper buffer handling in the FBXConverter::ConvertMeshMultiMaterial() function when processing crafted FBX model files. A remote attacker can trigger a crash by supplying a malicious FBX file via network or local file access, causing the application to become unavailable. Publicly available exploit code exists, though the vulnerability requires user interaction to process the malicious file.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Missing input validation in FRRouting stable/10.0 through 10.6 allows authenticated BGP peers to trigger a Denial of Service by sending a crafted UPDATE message with invalid martian addresses in the MP_REACH_NLRI component. An authenticated attacker can crash or severely degrade the BGP routing daemon by exploiting insufficient validation of next-hop addresses, with an EPSS score of 0.02% indicating low real-world exploitation probability despite moderate CVSS scoring.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial of service in Assimp 6.0.2 allows remote attackers to crash the application by sending specially crafted FBX files that trigger memory exhaustion or infinite loops in the FBXParser ParseVectorDataArray() function. The vulnerability requires network access but involves high attack complexity, indicating the attacker must precisely craft malformed input. Public exploit code exists; CISA SSVC analysis indicates the vulnerability is not automatable and results in partial technical impact (availability loss only), suggesting targeted rather than mass-scale exploitation.

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Assimp 6.0.2 crashes when processing malformed FBX files due to unchecked resource consumption in the FBX multi-material mesh converter. Remote attackers can trigger denial of service (application crash) via network-delivered malicious 3D model files without authentication, requiring no user interaction beyond normal file processing. EPSS data not available; no evidence of active exploitation (not in CISA KEV). Publicly documented proof-of-concept exists via GitHub Gist, enabling straightforward reproduction.

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS UDR component up to version 2.7.7 allows authenticated remote attackers to crash the subscription data service by manipulating the supi_id argument to the ogs_dbi_subscription_data function. Publicly available exploit code exists, and the vendor has been notified via issue report but has not yet released a patch.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS UDR component (versions up to 2.7.7) via malformed pei argument in udr_nudr_dr_handle_subscription_context function allows authenticated remote attackers to crash the User Data Repository service with low complexity. Publicly available exploit code exists; vendor has not responded to early notification.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS versions up to 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Management Function) component by exploiting improper error handling in the gmm_handle_service_request function. The vulnerability requires low-privilege authentication to trigger and results in service unavailability. A public exploit has been disclosed via GitHub issue tracker, though the vendor has not yet released a patch despite early notification.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Null pointer dereference in Telegram Desktop up to version 6.7.5 allows remote attackers without authentication to cause denial of service by crafting a malicious login_url argument in the Bot API RequestButton function. The vulnerability requires user interaction to click a malicious link and has a public exploit disclosure, though vendor response to early disclosure notification was not forthcoming.

Null Pointer Dereference Denial Of Service Desktop
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Wireshark 4.6.0 through 4.6.4 crashes when processing malformed IEEE 802.11 frames due to a null pointer dereference in the protocol dissector. An attacker can trigger denial of service by crafting or replaying a specially malformed wireless packet that causes the dissector to crash when analyzed, rendering packet analysis impossible until the application restarts. CVSS score 5.5 reflects local attack vector with user interaction required; no public exploit code has been identified at time of analysis.

Null Pointer Dereference Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Local denial-of-service in the Linux kernel's vidtv virtual DVB media driver allows an authenticated local user to crash the kernel via a NULL pointer dereference triggered by uninitialized struct fields in vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into(). Affected kernel versions span from commit f90cf6079bf6 across multiple stable branches through Linux 5.10, with fixes backported to 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0.1, and 7.1-rc1. No public exploit identified at time of analysis, EPSS is 0.02% (7th percentile), and this CVE is not listed in the CISA KEV catalog, reflecting its low real-world exploitation likelihood.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in Open5GS AMF (Access and Mobility Function) up to version 2.7.6 allows authenticated remote attackers to cause service unavailability by sending crafted registration requests with manipulated reg_type arguments. The vulnerability exists in the GMM (Mobility Management) handler due to insufficient validation of registration type values, potentially triggering null pointer dereferences or assertion failures. Vendor-released patch version 2.7.7 is available.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Memory exhaustion in Bandit WebSocket server (versions 0.5.9 through 1.10.x) allows unauthenticated remote attackers to crash BEAM nodes via compression bombs when permessage-deflate is enabled. The inflate/2 function decompresses WebSocket frames without output-size limits, enabling attackers to send tiny compressed payloads (~1024:1 ratio) that expand to gigabyte-scale heap allocations. Vendor-released patch available (version 1.11.0). EPSS data not available; no public exploit identified at time of analysis. Exploitation requires non-default configuration (both server-level compress and per-upgrade compress: true options enabled), making stock Phoenix/LiveView applications unaffected.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Memory exhaustion in Bandit WebSocket server (versions 0.5.0 through 1.10.x) allows unauthenticated remote attackers to trigger denial of service by sending unbounded WebSocket continuation frames without setting the fin flag. The fragment reassembly logic accumulates payloads without checking cumulative message size, bypassing the max_frame_size limit which only applies to individual frames. Applications using Phoenix Channels or LiveView over Bandit expose this attack surface on any WebSocket endpoint. Patch available in version 1.11.0 introduces max_fragmented_message_size parameter (default 8MB). No public exploit code identified at time of analysis, but trivial to reproduce with standard WebSocket libraries.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

Denial of service in mtrudel bandit via HTTP/2 frame deserialization allows unauthenticated remote attackers to exhaust server memory by sending oversized frames. The vulnerability exists because the HTTP/2 frame parser in 'Elixir.Bandit.HTTP2.Frame':deserialize/2 performs the max frame size check after pattern-matching the entire payload into memory, rather than before, allowing attackers to force buffering of up to 16 MiB frames regardless of negotiated limits. Confirmed actively exploited (CISA KEV status unknown but vendor advisory confirms vulnerability). Patch available in version 1.11.0.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

DTrace kernel instrumentation tool on Linux is vulnerable to a denial-of-service and potential privilege escalation attack when processing malicious ELF binaries with out-of-range sh_link fields. An unprivileged attacker can craft an ELF binary that, when instrumented by a root-level dtrace process, triggers an out-of-bounds heap read in the ELF parser. This can crash the dtrace daemon (DoS) or, depending on heap layout, lead to reading and dereferencing garbage pointers controlled by the attacker, potentially enabling code execution in a privileged context. The vulnerability requires local access and a privileged dtrace instance to be actively instrumentation the malicious process, but carries significant risk given dtrace's typical deployment in system administration and security monitoring contexts.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

DTrace process can be reliably crashed by unprivileged local attackers via a malicious ELF binary that triggers an integer divide-by-zero condition in the Pbuild_file_symtab() function, causing denial of service. CVSS 3.3 (low severity) reflects local-only attack vector and low privileges required, though the reliable crash mechanism and low exploitation complexity may elevate practical risk in multi-tenant or shared-system environments.

Denial Of Service
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS AMF component up to version 2.7.7 allows authenticated remote attackers to trigger resource exhaustion via improper handling of PDU session context update messages in the amf_nsmf_pdusession_handle_update_sm_context function. The vulnerability has a low CVSS score (2.1) but publicly available exploit code exists; however, exploitation requires prior authentication to the 5G network, significantly limiting real-world attack surface.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Denial of service in Open5GS up to version 2.7.7 affects the AMF (Access and Mobility Function) component, specifically the ogs_id_get_value function in nudm-handler.c, allowing remote authenticated attackers to cause service unavailability. Publicly available exploit code exists, and the vulnerability has been reported to the project via GitHub issue #4405 without vendor acknowledgment or patch release at time of analysis.

Denial Of Service Open5gs
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Remote unauthenticated denial of service crashes Vanetza V2X v26.02 receivers via malformed GeoNetworking packets containing invalid ECC points. Uncaught OpenSSL exceptions from elliptic curve point validation (invalid compressed points, points not on curve) in the security layer escape through the Router::indicate() call chain, triggering std::terminate and process termination. No public exploit identified at time of analysis, though EPSS risk assessment unavailable. Attack requires only network access to the V2X receiver endpoint with no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), making this a significant operational risk for deployed V2X infrastructure relying on continuous availability for vehicle safety communications.

OpenSSL Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. On platforms where the GPU process runs with elevated system privileges, successful exploitation could enable system-level compromise beyond the initial crash. EPSS and KEV data not provided; SSVC framework indicates no confirmed exploitation, non-automatable attack, but total technical impact. Vendor patches available across affected DDK versions 1.18, 23.2, 24.1-24.2, and 25.1-25.3.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphics DDK by triggering a use-after-free in the GPU GLES render process via specially crafted WebGPU content. On platforms where the GPU driver runs with elevated system privileges, successful exploitation enables device-level compromise beyond the browser sandbox. EPSS data not available, no CISA KEV listing identified, no public POC confirmed. SSVC framework indicates no active exploitation and non-automatable attack requiring authenticated interaction.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Management Function) component via manipulation of the amf_nudm_sdm_handle_provisioned function in the NUDM handler. The vulnerability has publicly available exploit code and affects the authentication and mobility management core of 5G networks, requiring valid credentials to trigger but resulting in service unavailability. Public disclosure has occurred without vendor remediation at the time of analysis.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service via memory exhaustion in Prosody before 0.12.6 and 1.0.0 through 13.0.4 allows unauthenticated remote attackers to crash the server through XML parsing resource amplification. An attacker can send specially crafted XML payloads to trigger excessive memory consumption without authentication, resulting in service unavailability with a CVSS score of 5.3 indicating low severity availability impact.

Denial Of Service Prosody
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Prosody XMPP server versions before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5 are vulnerable to denial of service via memory exhaustion from unauthenticated connections. An attacker can remotely trigger memory leaks by establishing multiple connections without authentication, eventually exhausting server memory and causing service unavailability. No special configuration or user interaction is required; the vulnerability affects default Prosody deployments accessible over the network.

Denial Of Service Prosody
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the BSF (Binding Support Function) component by manipulating the ipv6Prefix argument in the bsf_sess_find_by_ipv6prefix function. The vulnerability has a low CVSS score of 2.1 due to requiring authentication and causing only availability impact, but publicly available exploit code exists and the vendor has not yet responded to early disclosure.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2 enables remote code execution or denial of service through maliciously crafted PKZIP hash files. Attackers can exploit inadequate input validation in the hex_to_binary function affecting PKZIP hash parser modules (17200, 17210, 17220, 17225, 17230) to overflow fixed-size buffers with arbitrary hex data. CVSS 9.8 reflects network-accessible attack vector requiring no authentication or user interaction, though real-world exploitation requires victim to process attacker-supplied hash files. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation. Public proof-of-concept exists (GitHub Gist), elevating exploitation risk for environments processing untrusted hash files.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2's Kerberos hash parser enables remote code execution without authentication. Attacker supplies a maliciously crafted Kerberos hash file with manipulated delimiter positions to overflow the fixed-size account_info buffer during memcpy operations in module_hash_decode. The vulnerability affects multiple Kerberos-related hashcat modules due to missing upper-bound validation on account_info_len before memory copy. CVSS 9.8 with network attack vector, but real-world exploitation requires user processing the malicious file. EPSS data not available; no active exploitation confirmed in CISA KEV at time of analysis.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in hashcat 7.1.2's rule processing functions enables remote code execution when processing password candidates of 128+ characters. The vulnerability stems from inadequate bounds checking in mangle_to_hex_lower() and mangle_to_hex_upper() functions that fail to account for 2x memory expansion during byte-to-hex conversion. CVSS 9.8 (critical) with network attack vector and no authentication required. Public proof-of-concept code available via GitHub gist. No CISA KEV listing suggests targeted rather than widespread exploitation despite theoretical network exploitability.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads will exit, the mounting thread (or process) will keep the device fd open, which will prevent an abort from happening. This is a regression from the async mount case, where the mount was done first, and the FUSE_INIT processing afterwards, in which case there's no such recursive syscall keeping the fd open.

Red Hat Suse Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free condition in Linux kernel writeback subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or trigger kernel crashes. The vulnerability affects Linux kernel versions 6.18.x through 7.1-rc1 and arises from improper synchronization between work queue processing and memory deallocation in inode_switch_wbs_work_fn(). Vendor patches are available across stable kernel branches (6.18.25, 7.0.2, 7.1-rc1) with low EPSS score (0.02%) indicating minimal observed exploitation activity, though the CVSS 7.8 score reflects significant impact if successfully exploited by authenticated local users.

Denial Of Service Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

XFS filesystem crashes during log recovery when inodes with node-format extended attributes are inactivated following an untimely log shutdown, due to stale metadata block references in the attribute B-tree. Unprivileged local attackers with write access to XFS filesystems can trigger this denial-of-service condition by inducing log shutdown during extended attribute cleanup, causing the filesystem to unmount and require repair. The vulnerability affects Linux kernel versions prior to 6.19.12 and later stable branches.

Denial Of Service Linux Red Hat +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in the Linux kernel AF_ALG crypto interface allows local authenticated attackers to trigger a NULL pointer dereference and kernel panic by sending sequential sendmsg() calls that cause scatter-gather list chain operations to fail to properly unmark SGL boundaries. The vulnerability occurs when AF_ALG allocates chained SGL structures without clearing end markers on previous entries, causing the crypto scatterwalk to encounter premature termination and dereference NULL pointers. CVSS 5.5 (AV:L/AC:L/PR:L) reflects local-only attack requirement with low complexity; EPSS 0.02% (7th percentile) indicates minimal real-world exploitation risk despite kernel panic severity.

Denial Of Service Null Pointer Dereference Linux +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel macb driver allows local authenticated attackers to cause denial of service or potentially escalate privileges during module removal. The vulnerability occurs in the PCI glue driver when platform_device_unregister() triggers a runtime resume callback that attempts to access already-freed clock structures. EPSS score is low (0.02%) with no evidence of active exploitation. Vendor patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0).

Denial Of Service Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in Linux kernel net/mlx5 LAG (Link Aggregation) driver allows local authenticated attackers to cause denial of service by accessing debugfs interfaces when LAG device context is invalid. The vulnerability exists in mlx5_ldev_add_debugfs() which creates debugfs entries without validating that a valid LAG context exists, exposing the members file and other interfaces that depend on a valid ldev pointer. EPSS exploitation probability is 0.02% (percentile 7%), indicating low real-world exploitation likelihood despite the vulnerability's availability for patching.

Denial Of Service Null Pointer Dereference Linux +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via null pointer dereference in Linux kernel gpio-qixis-fpga driver affects local users with limited privileges. The driver incorrectly checks for NULL return value from devm_regmap_init_mmio(), which returns ERR_PTR() on failure, allowing a local attacker with user-level privileges to trigger a kernel panic by causing improper error handling. EPSS score is low (0.02%), indicating limited exploitation probability despite CVSS 5.5 severity.

Denial Of Service Null Pointer Dereference Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Linux kernel ALSA ctxfi audio driver allows local authenticated attackers to crash the system via improper SPDIF1 enumeration during DAIO initialization on hw20k2 hardware. The vulnerability affects kernel versions 6.19 through 7.0 due to a refactoring that loops over all DAIO types including the hw20k2-incompatible SPDIF1 entry, triggering a kernel crash when the undefined hardware info is accessed. Patch available from Linux stable repositories.

Red Hat Suse Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Integer overflow in Linux kernel io_uring subsystem allows local authenticated users to trigger slab-out-of-bounds memory reads and denial of service. The vulnerability stems from improper type casting of user-supplied length values in network bundled receive/send operations, where values exceeding INT_MAX cause negative overflow leading to infinite loops and out-of-bounds array access. EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. Vendor patches available for affected stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0), making this a straightforward patching priority for systems running vulnerable versions with io_uring enabled.

Red Hat Suse Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via divide-by-zero crash in the hwmon OCC (On-Chip Controller) power monitoring driver affects Linux kernels when the power sensor is queried before initial data samples are collected, typically during early boot. Local attackers with unprivileged user privileges can trigger a kernel panic by accessing the affected sysfs power attribute, causing system availability impact. CVSS 5.5 reflects local attack vector and low complexity; EPSS 0.02% indicates low real-world exploitation probability despite the straightforward trigger condition.

Red Hat Suse Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel NULL pointer dereference in AMD GPU driver on systems with 64KB page sizes allows local authenticated attackers to crash the system by triggering memory allocation mismatches between reserved trap area (8KB) and required allocation size (128KB) during GPU memory initialization. The vulnerability affects systems running ROCm workloads and causes denial of service when executing rocminfo or rccl unit tests on IBM POWER10 and similar 64K-page architectures. EPSS exploitation probability is very low (0.02%), and no public exploit code or active in-the-wild exploitation has been identified.

Red Hat Suse Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via NULL pointer dereference in the Linux kernel USB Cadence 3 (cdns3) gadget driver when ep_queue is called on disabled or unconfigured endpoints. A local authenticated attacker can trigger a kernel crash by invoking the vulnerable code path on systems with cdns3 USB gadget support enabled. No public exploit code has been identified, but the attack requires only local access and low privileges (CVSS 5.5, EPSS 0.02%).

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service condition in the Linux kernel's Cadence USB3 (cdns3) gadget driver occurs when gadget initialization fails, leaving the DRD hardware in gadget mode while software state remains inactive. Switching the device to USB host mode via sysfs triggers a synchronous external abort in the xHCI host controller setup, causing a kernel crash. Local authenticated users with access to the USB role-switch sysfs interface can trigger this condition, affecting Linux kernel versions 5.4 through current releases. A patch is available from the Linux kernel project.

Red Hat Suse Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release() currently retrieves the enclosing struct linedisp via to_linedisp(). That lookup depends on the attachment list, but the attachment may already have been removed before put_device() invokes the release callback. This can happen in linedisp_unregister(), and can also be reached from some linedisp_register() error paths. In that case, to_linedisp() returns NULL and linedisp_release() dereferences it while freeing the display resources. The struct device released here is the embedded linedisp->dev used by linedisp_register(), so retrieve the enclosing object directly with container_of() instead.

Red Hat Suse Denial Of Service +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Denial of service in the Linux kernel comedi dt2815 driver allows local authenticated users to crash the system by attaching the driver to arbitrary I/O addresses without actual hardware present via the COMEDI_DEVCONFIG ioctl. The vulnerability occurs when outb() operations are performed on non-existent hardware, triggering page faults under race conditions. A patch adding hardware detection via status register reads prevents the crash.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference and invalid I/O port writes in the Linux kernel's comedi ni_atmio16d driver occur when the device attach handler fails, causing the detach handler to call reset_atmio16d() with uninitialized device state. Local privileged attackers can trigger a denial of service by causing attach to fail, resulting in kernel memory access violations or writes to address zero. No public exploit code or active exploitation has been identified; patch versions are available from the Linux kernel stable branches.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Linux kernel energy model netlink handler allows local authenticated attackers to crash the system via NULL pointer dereference when requesting non-existent performance domain IDs. The dev_energymodel_nl_get_perf_domains_doit() function fails to validate the return value from em_perf_domain_get_by_id() before dereferencing the performance domain structure, causing immediate kernel panic when an invalid domain ID is supplied. EPSS exploitation probability is very low (0.02%, 5th percentile), and no public exploit code or active exploitation has been identified.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Missing CRYPTO_ALG_ASYNC flag in Linux kernel's Tegra crypto driver causes the crypto API to incorrectly select asynchronous algorithms for synchronous-only requests, resulting in system crashes. This affects Tegra-based Linux systems (typically NVIDIA Jetson devices) running kernel versions 6.10 through early 7.0 development branches. Vendor patches are available across stable branches (6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability, and no active exploitation or public POC has been identified. The CVSS vector (AV:N/AC:L/PR:L/UI:N) suggests network-based exploitation requiring authenticated access, though this conflicts with the technical nature of a local driver configuration bug.

Red Hat Suse Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via NULL pointer dereference in the MediaTek Ethernet PPE (packet processing engine) driver occurs when gmac0 (the primary ethernet interface) is disabled on affected systems. A local authenticated attacker can trigger a kernel crash by sending traffic through the networking stack when the driver incorrectly checks for a valid ingress device without verifying if the first network device pointer is actually initialized. The vulnerability affects Linux kernel versions prior to fixes released in stable branches 6.18.22, 6.12.81, 6.19.12, and 7.0.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the USB gadget ethernet driver (usb: gadget: u_ether) between gether_disconnect() and eth_stop() causes a NULL pointer dereference and system hardlockup on local systems with low privilege users. When eth_stop() is triggered concurrently during gether_disconnect(), it attempts to access a cleared endpoint descriptor, crashing while holding a spinlock that gether_disconnect() also needs, resulting in kernel panic and denial of service. CVSS 4.7 with low EPSS score (0.02%, percentile 7%) indicates limited real-world exploitation likelihood despite confirmed availability of vendor patches across multiple stable kernel branches.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the USB Ethernet gadget driver (u_ether) allows local attackers with low privileges to cause a denial of service by querying device information via ethtool during device unbind. The vulnerability occurs when userspace tools call eth_get_drvinfo() on a gadget interface after the kernel has cleared the gadget pointer during device reparenting, triggering a crash without authentication or user interaction. EPSS exploitation probability is minimal (0.02%), and this is a localized denial of service with no impact on confidentiality or integrity.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference in the Linux kernel USB gadget UVC (USB Video Class) driver during power management transitions allows local authenticated attackers with low privileges to cause a kernel panic and denial of service. The vulnerability occurs when the PM subsystem freezes user space processes during suspend, causing wait_event_interruptible_timeout() to abort early in uvc_function_unbind(), which nullifies the gadget pointer. When tasks are restarted, the V4L2 release path attempts to access the already nullified pointer, triggering a kernel panic. Patches are available across multiple kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0).

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Algorithmic complexity denial of service in Apache Neethi allows remote unauthenticated attackers to exhaust JVM heap memory via malicious WS-Policy documents. Specially crafted policy documents trigger exponential Cartesian cross-product expansion during normalization, generating unbounded policy alternatives that consume all available memory. Apache has released version 3.2.2 with normalization limits to prevent exploitation. EPSS data not available; no CISA KEV listing identified at time of analysis.

Denial Of Service Apache Red Hat
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of Service in Apache Neethi WS-Policy processor allows remote unauthenticated attackers to crash applications or cause resource exhaustion by sending crafted policy documents with circular references. The vulnerability (CVSS 7.5) triggers infinite loops or stack overflow during policy normalization when Policy A references Policy B which references Policy A. Apache released version 3.2.2 to address this flaw. With network vector, low complexity, and no authentication required (AV:N/AC:L/PR:N), this represents a readily exploitable attack surface for applications parsing untrusted WS-Policy documents, though no public exploit or active exploitation (KEV) has been identified at time of analysis.

Denial Of Service Apache Red Hat
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Function) service by manipulating the ueContextId parameter in the UE context transfer-update endpoint, resulting in service unavailability. Public exploit code is available but the vendor has not issued a patch or official response despite early notification.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Denial of service in Open5GS AMF SBI Endpoint (versions up to 2.7.7) allows authenticated remote attackers to crash the service by manipulating the changeItem.newValue argument in the /namf-callback/v1/{id}/sdmsubscription-notify endpoint. CVSS score of 2.1 reflects low severity despite network accessibility, primarily due to availability impact limitation and authentication requirement. Exploit code is publicly available, though the vendor has not yet responded to the early notification.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Denial of service in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the BSF (Binding Support Function) service by manipulating the ipv4Addr parameter in the /nbsf-management/v1/pcfBindings endpoint. The vulnerability has publicly available exploit code and affects a core 5G network function, creating operational risk for mobile networks relying on this open-source implementation.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Open CASCADE Technology V8_0_0_rc5 VRML parser allows denial of service when processing crafted VRML files with invalid coordIndex values. The vulnerability exists in VrmlData_IndexedLineSet::TShape geometry processing, where array indices are used without bounds validation, enabling local attackers with user interaction to crash applications through malformed input.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Out-of-bounds memory read in openxc/isotp-c ISO-TP Single Frame handler allows adjacent network attackers to trigger denial of service or extract sensitive information via malicious CAN frames. The vulnerability exists in all versions through commit 5a5d19245f65 (August 2021) and stems from unchecked use of a 4-bit payload length field directly as memcpy buffer size. EPSS data unavailable; no CISA KEV listing indicates no confirmed widespread exploitation, though publicly available technical analysis exists (GitHub Gist reference).

Denial Of Service Buffer Overflow Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Eprosima Micro-XRCE-DDS Agent 3.0.1 allows unauthenticated network attackers to crash the agent via malformed packets targeting the MTU length field. The vulnerability is remotely exploitable with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N) and is classified as automatable by SSVC analysis. No active exploitation confirmed at time of analysis, but GitHub issue and researcher documentation provide technical details. EPSS data not available; CVSS 7.5 reflects high availability impact suitable for targeting DDS middleware deployments.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows network-based attackers to execute arbitrary code or crash the system without authentication. A buffer overflow in the GVRET CAN data parser (canformat_gvret.cpp) fails to validate length fields in binary frames, enabling memory corruption. CVSS 10.0 reflects unauthenticated network vector with scope change, but no public exploit or active exploitation confirmed at time of analysis. EPSS data unavailable; real-world risk depends on OVMS3 deployment exposure (typically vehicle telematics environments).

Denial Of Service Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Buffer overflow in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 enables remote code execution when processing malicious PCAP files. The canformat_pcap.cpp parser fails to validate the phdr.len field, allowing attackers to overflow stack buffers and execute arbitrary code with high confidentiality, integrity, and availability impact. Public proof-of-concept code exists (GitHub Gist), though no active exploitation is confirmed by CISA KEV. SSVC assessment indicates automatable exploitation despite requiring user interaction to open crafted PCAP files.

Stack Overflow Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in cannelloni v2.0.0 allows unauthenticated network attackers to crash the service or execute arbitrary code by sending malformed CAN FD frames that trigger buffer overflows in two separate parsing functions (parseCANFrame in parser.cpp and decodeFrame in decoder.cpp). The CVSS score of 9.8 reflects network-accessible exploitation requiring no authentication or user interaction, with complete system compromise possible. Public proof-of-concept code exists (GitHub Gist reference), elevating immediate exploitation risk despite no CISA KEV listing, suggesting targeted rather than mass exploitation scenarios.

Denial Of Service Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Heap-based out-of-bounds read in Open CASCADE Technology V8_0_0_rc5 OBJ file parser allows local attackers to cause denial of service or leak sensitive memory contents when victims open malicious OBJ files. The vulnerability stems from missing buffer length validation in RWObj_Reader::read() after Standard_ReadLineBuffer::ReadLine() returns minimal 1-byte buffers, leading to unsafe memory access at aLine + 2. EPSS data not available; no confirmed active exploitation or public proof-of-concept identified at time of analysis. Requires user interaction, limiting automated exploitation potential.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
Prev Page 31 of 406 Next

Quick Facts

Typical Severity
MEDIUM
Category
other
Total CVEs
36508

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy