Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification. An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU. Remediation There is ...

Linux kernel security vulnerabilities

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that arises from a kernel thread using and not releasing the CPU for longer than a specified period of time...

PT-2024-3051 · Envoy +1 · Envoy +1

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.7 Envoy versions prior to 1.27.3 Envoy versions prior to 1.28.1 Envoy versions prior to 1.29.1 Description: The issue is related to a high-performance edge/middle/service proxy, where the regex expression is...

python-multipart Resource Management Error Vulnerability

python-multipart is a streaming multipart parser for Python by the individual developer Marcelo Trylesinski. A resource management error vulnerability exists in versions prior to python-multipart 0.0.7, which stems from the package python-multipart consuming CPU resources and stopping indefinitel...

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out ...

keycloak: offline session token DoS

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens 500,000 users with each having at least 2 saved sessions. If an attacker creates two or more user sessions and then open the "consents" tab of th...

golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service...

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in and...

AZL-79008 CVE-2023-29409 affecting package golang 1.25.7-1

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

UBUNTU-CVE-2023-29408

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height, and encoded size to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU...

SUSE CVE-2023-34966

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function slunpackloop did not validate a field in the network packet that contains the count of elements in an array-like...

CVE-2023-1206

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service...

PT-2023-24276 · Unknown +1 · Bitcoin Core +1

Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 24.1 Description: The issue allows attackers to cause a denial of service, specifically CPU consumption, because draining the inventory-to-send queue is inefficient. This has been exploited in the wild in May...

python: CPU denial of service via inefficient IDNA decoder

A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA RFC 3490 decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...

kernel: ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU

A flaw in the routing table size was found in the ICMPv6 handling of "Packet Too Big". The size of the routing table is regulated by periodic garbage collection. However, with "Packet Too Big Messages" it is possible to exceed the routing table size and garbage collector threshold. A user located...

AZL-26730 CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-1

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...