denial-of-service
Safeguard articles tagged "denial-of-service" — guides, analysis, and best practices for software supply chain and application security.
44 articles
OpenSSL BN_mod_sqrt infinite loop DoS (CVE-2022-0778)
CVE-2022-0778 lets attackers hang OpenSSL with a single malformed certificate. Here's the impact, affected versions, and how to remediate fast.
Express qs library prototype pollution DoS (CVE-2022-24999)
CVE-2022-24999 lets attackers pollute Object.prototype through qs, the query-string parser Express relies on, crashing Node.js applications.
ws WebSocket library header DoS (CVE-2021-32640)
CVE-2021-32640 lets attackers stall Node.js WebSocket servers via a crafted header in the widely-used ws npm package. Here's the fix.
socket.io-parser denial of service (CVE-2020-28477)
A remote, unauthenticated attacker could crash Socket.IO servers with one malformed packet. Here's the CVE-2020-28477 breakdown and how to fix it.
Django str.format denial of service (CVE-2023-41164)
CVE-2023-41164 lets attackers DoS Django apps via a str.format() flaw in uri_to_iri(). Here's what's affected, severity context, and how to fix it.
Werkzeug multipart form-data denial of service (CVE-2019-1010083)
CVE-2019-1010083 lets attackers crash Flask apps via crafted multipart form-data. Here's the CVSS score, timeline, and how to fix the Werkzeug DoS flaw.
Werkzeug multipart parser DoS (CVE-2023-46136)
A crafted multipart upload could pin Werkzeug workers at 100% CPU with no auth required. Here's what CVE-2023-46136 affects and how to fix it.
Jetty SSL buffer bloat denial of service (CVE-2021-28165)
CVE-2021-28165 lets attackers exhaust Jetty server memory via SSL buffer bloat, causing denial of service. Affected versions, timeline, and fixes inside.
Docker Engine crafted image denial of service (CVE-2021-21285)
CVE-2021-21285 lets a crafted container image crash Docker Engine before 20.10.3. Affected versions, severity, timeline, and remediation steps.
Algorithmic complexity denial of service explained
Small inputs, big CPU spikes: how algorithmic complexity DoS vulnerabilities like ReDoS and hash flooding crash apps with a single request.
LLM Denial of Service Attack Techniques
LLM denial of service attacks exploit sponge prompts, unbounded generation, and denial-of-wallet loops to cripple AI systems without a single exploit.
Null Pointer Dereference Vulnerabilities
A single unchecked pointer can crash a server. Here's what null pointer dereference vulnerabilities are, real CVEs like OpenSSL's, and how to catch them.