Lucene search

1890 matches found

Veracode
added 2025/03/24 3:53 a.m., 7 views

Denial Of Service (DoS)

github.com/getkin/kin-openapi is vulnerable to Denial Of Service (DoS). The vulnerability is due to the ZipFileBodyDecoder being automatically registered by the module, contrary to the documentation, allowing attackers to upload malicious ZIP files and cause excessive memory usage...

CVSS 7.5 | AI score 7.1 | EPSS 0.00497
Exploits: 0 | References: 7 | Affected Software: 1
RedhatCVE
added 2025/03/22 11:57 a.m., 6 views

CVE-2024-9840

A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...

AI score 6.8
Exploits: 0 | References: 3
Snyk
added 2025/03/20 12:32 p.m., 2 views

Denial of Service (DoS)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Denial of Service (DoS) via the endpoint for converting markdown. An attacker can cause the server to spend excessive time on processing, rendering it unresponsive to other requests until the conversion is...

CVSS 8.7 | AI score 7.1 | EPSS 0.00811
Exploits: 1 | References: 2
OSV
added 2025/03/20 12:32 p.m., 11 views

GHSA-V464-R2R9-WWW7 Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP

An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...

CVSS 7.5 | AI score 6.9 | EPSS 0.00672
Exploits: 2 | References: 3
Github Security Blog
added 2025/03/20 12:32 p.m., 12 views

Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP

An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...

CVSS 7.5 | AI score 6.5 | EPSS 0.00672
Exploits: 2 | References: 3 | Affected Software: 1
NVD
added 2025/03/20 10:15 a.m., 11 views

CVE-2024-12886

An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...

CVSS 7.5 | EPSS 0.00672
Exploits: 2 | References: 1
CVE
added 2025/03/20 10:10 a.m., 70 views

CVE-2024-12886

CVE-2024-12886 affects ollama/ollama up to version 0.3.14 with an Out-Of-Memory (OOM) DoS when a gzip bomb is processed. The root cause is reading the response body via io.ReadAll in makeRequestWithRetry and getAuthorizationToken, leading to excessive memory usage and crash. Multiple sources (NVD...

CVSS 7.5 | AI score 6.7 | EPSS 0.00672
Exploits: 2 | References: 1
Vulnrichment
added 2025/03/20 10:10 a.m., 7 views

CVE-2024-12886 Out-Of-Memory (OOM) Vulnerability in ollama/ollama

An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...

CVSS 7.5 | AI score 7.4 | EPSS 0.00672
Exploits: 2 | References: 1
Cvelist
added 2025/03/20 10:10 a.m., 12 views

CVE-2024-12886 Out-Of-Memory (OOM) Vulnerability in ollama/ollama

An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...

CVSS 7.5 | EPSS 0.00672
Exploits: 2 | References: 1
CVE
added 2025/03/20 10:09 a.m., 80 views

CVE-2024-9840

CVE-2024-9840 is a duplicate of CVE-2024-53981 (per the initial description). Connected data confirms CVE-2024-53981 describes a vulnerability in python-multipart (a streaming multipart parser) with a DoS risk when parsing form data; fixed in version 0.0.18. There is no separate active entry for ...

AI score 7.4
Exploits: 0
Rosalinux
added 2025/03/17 10:33 p.m., 15 views

Advisory ROSA-SA-2025-2786

software: kernel-6.1 6.1.128 OS: ROSA-CHROME packageevrstring: kernel-6.1-generic-6.1.128-1 CVE-ID: CVE-2024-27397 BDU-ID: 2025-00432 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the nftables netfilter component of the Linux operating system kernel is related to memory usage after it has been...

CVSS 7 | AI score 7.1 | EPSS 0.00257
Exploits: 0
RedhatCVE
added 2025/03/17 5:23 p.m., 12 views

CVE-2025-29786

A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory (OOM) crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree (AST), consuming excessive...

CVSS 7.5 | AI score 7.2 | EPSS 0.00577
Exploits: 0 | References: 5
NVD
added 2025/03/17 2:15 p.m., 11 views

CVE-2025-29786

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...

CVSS 7.5 | EPSS 0.00577
Exploits: 0 | References: 3
Debian CVE
added 2025/03/17 1:15 p.m., 11 views

CVE-2025-29786

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...

CVSS 7.5 | AI score 7.2 | EPSS 0.00577
Exploits: 0
Cvelist
added 2025/03/17 1:15 p.m., 11 views

CVE-2025-29786 Memory Exhaustion in Expr Parser with Unrestricted Input

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...

CVSS 7.5 | EPSS 0.00577
Exploits: 0 | References: 3
CVE
added 2025/03/17 1:15 p.m., 282 views

CVE-2025-29786

CVE-2025-29786 concerns the Expr expression parser (Go). Prior to 1.17.0, unbounded input can cause the parser to build an excessively large AST, leading to high memory usage or an OOM crash. The issue is mitigated by a patch in 1.17.0 that enforces node budget and memory limits during parsing. R...

CVSS 7.5 | AI score 6.7 | EPSS 0.00577
Exploits: 0 | References: 3
OSV
added 2025/03/17 1:15 p.m., 7 views

CVE-2025-29786 Memory Exhaustion in Expr Parser with Unrestricted Input

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...

CVSS 7.5 | AI score 5.9 | EPSS 0.00577
Exploits: 0 | References: 5
RedHat Linux
added 2025/03/17 1:38 a.m., 16 views

Moderate: Red Hat Security Advisory: ACS 4.7 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base...

CVSS 6.5 | AI score 6.7 | EPSS 0.00556
Exploits: 1 | References: 4
Packet Storm
added 2025/03/17 12:00 a.m., 167 views

Linux 5.6 Cred Refcount Overflow

Linux 5.6 suffers from a cred refcount overflow at approximately 39 gigs of memory usage via iouring. see also my related prior bug reports about overflowing refcounts with lots of RAM usage: https://crbug.com/project-zero/809: BPF program refcount, with 32GiB RAM...

AI score 7.6
Exploits: 0
Positive Technologies
added 2025/03/17 12:00 a.m., 3 views

PT-2025-11483

Name of the Vulnerable Software and Affected Versions: Expr versions prior to 1.17.0. Description: The issue arises when the Expr expression parser is given an unbounded input string, causing it to attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of th...

CVSS 8.2 | AI score 6.7 | EPSS 0.00577
Exploits: 1 | References: 31