Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users

Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users TL;DR Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability. An edg...

URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths

Impact URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to...

Medium: curl

Issue Overview: A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the CURLOPTCONNECTONLY option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to...

MGASA-2016-0187 Updated libxml2 packages fix security vulnerability

When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack CVE-2016-3627. libxml2 limits the number of recursions an XML...

SUSE-SU-2016:1205-1 Security update for libxml2

This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore,...

SUSE-SU-2016:1204-1 Security update for libxml2

This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore,...

Microsoft Active Directory LSASS Recursive Stack Overflow (MS09-066; CVE-2009-1928)

Active Directory provides central authentication and authorization services for Windows-based systems. Active Directory Application Mode ADAM is a Lightweight Directory Access Protocol LDAP directory service that runs as a user service. A denial of service vulnerability has been discovered in...