Inefficient Algorithmic Complexity

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by...

EUVD-2021-12932

Malware in sbrugna...

golang: syscall: don't close fd 0 on ForkExec error

There's a flaw in golang's syscall.ForkExec interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked...

golang: syscall: don't close fd 0 on ForkExec error

There's a flaw in golang's syscall.ForkExec interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked...

tomcat: non-persistent DoS attack by feeding data by aborting an upload

It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made...