denial-of-service
Safeguard articles tagged "denial-of-service" — guides, analysis, and best practices for software supply chain and application security.
44 articles
CVE-2021-45105: the Log4j denial-of-service flaw recursion built
CVE-2021-45105 scored CVSS 5.9 and let a single crafted lookup string crash a JVM with a StackOverflowError — no RCE required, just uncontrolled recursion.
How catastrophic regex backtracking causes ReDoS — and how to stop it
A single bad regex took Cloudflare's global network to ~100% CPU for 27 minutes in 2019. Here's the backtracking mechanics behind ReDoS and how to rewrite unsafe patterns.
Protocol Buffers (protobuf) Security Guide (2026)
Protocol Buffers is the serialization format behind gRPC and much of modern service-to-service traffic — and because parsing untrusted binary is its whole job, its real CVEs are denial-of-service by design, with a critical prototype-pollution bug in the JavaScript runtime.
ReDoS: Regular Expression Denial of Service in JavaScript
A single bad regex can freeze your entire Node.js event loop on one malicious request. Here is how catastrophic backtracking works, how to spot vulnerable patterns, and how to fix them without rewriting everything.
HTTP/2 CONTINUATION Flood: Inside CVE-2024-27316 and the Frame-Based DoS Class
A single TCP connection with no END_HEADERS flag was enough to crash major HTTP/2 servers — worse than Rapid Reset, and it took the industry a decade to check for it.
The security cost of long-lived HTTP connections
Keep-alive and HTTP/2 multiplexing cut handshake overhead but hold server resources open per connection — Slowloris and 2023's Rapid Reset attacks both exploited exactly that tradeoff.
ReDoS in Python and FastAPI: how one regex takes down an event loop
CVE-2024-3772 let a single crafted email string trigger catastrophic backtracking in Pydantic's own validator — the exact code path every FastAPI request body runs through.
What is ReDoS (Regular Expression Denial of Service)?
A single badly written regular expression can freeze an entire service under a short, crafted input. This is ReDoS — and it has taken down Cloudflare and Stack Overflow. Here's how to avoid it.
HTTP/2 Rapid Reset (CVE-2023-44487) Explained
A protocol-level flaw in HTTP/2 turned a normal feature into the largest DDoS attacks ever recorded. Here is how Rapid Reset works and which library versions fix it.
Regular Expression Denial of Service (ReDoS) explained
ReDoS turns a single crafted string into an exponential-time attack. Here's how catastrophic backtracking works, real CVEs, and how to detect it.
What is GraphQL Security
GraphQL's flexibility creates unique risks—excessive data exposure, DoS via nested queries, and broken field-level authorization. Here's how to defend it.
The npm 'everything' Package Attack (2024) Analyzed
In January 2024 a developer published npm packages that depended on every public npm package, triggering a denial-of-service style incident across the registry.