Safeguard
Tag

denial-of-service

Safeguard articles tagged "denial-of-service" — guides, analysis, and best practices for software supply chain and application security.

44 articles

Vulnerability Analysis

OpenSSL BN_mod_sqrt infinite loop DoS (CVE-2022-0778)

CVE-2022-0778 lets attackers hang OpenSSL with a single malformed certificate. Here's the impact, affected versions, and how to remediate fast.

Jan 10, 20267 min read
Vulnerability Analysis

Express qs library prototype pollution DoS (CVE-2022-24999)

CVE-2022-24999 lets attackers pollute Object.prototype through qs, the query-string parser Express relies on, crashing Node.js applications.

Jan 6, 20267 min read
Vulnerability Analysis

ws WebSocket library header DoS (CVE-2021-32640)

CVE-2021-32640 lets attackers stall Node.js WebSocket servers via a crafted header in the widely-used ws npm package. Here's the fix.

Jan 5, 20267 min read
Vulnerability Analysis

socket.io-parser denial of service (CVE-2020-28477)

A remote, unauthenticated attacker could crash Socket.IO servers with one malformed packet. Here's the CVE-2020-28477 breakdown and how to fix it.

Jan 4, 20267 min read
Vulnerability Analysis

Django str.format denial of service (CVE-2023-41164)

CVE-2023-41164 lets attackers DoS Django apps via a str.format() flaw in uri_to_iri(). Here's what's affected, severity context, and how to fix it.

Dec 28, 20256 min read
Vulnerability Analysis

Werkzeug multipart form-data denial of service (CVE-2019-1010083)

CVE-2019-1010083 lets attackers crash Flask apps via crafted multipart form-data. Here's the CVSS score, timeline, and how to fix the Werkzeug DoS flaw.

Dec 27, 20258 min read
Vulnerability Analysis

Werkzeug multipart parser DoS (CVE-2023-46136)

A crafted multipart upload could pin Werkzeug workers at 100% CPU with no auth required. Here's what CVE-2023-46136 affects and how to fix it.

Dec 26, 20257 min read
Vulnerability Analysis

Jetty SSL buffer bloat denial of service (CVE-2021-28165)

CVE-2021-28165 lets attackers exhaust Jetty server memory via SSL buffer bloat, causing denial of service. Affected versions, timeline, and fixes inside.

Dec 23, 20257 min read
Vulnerability Analysis

Docker Engine crafted image denial of service (CVE-2021-21285)

CVE-2021-21285 lets a crafted container image crash Docker Engine before 20.10.3. Affected versions, severity, timeline, and remediation steps.

Dec 15, 20257 min read
Vulnerability Analysis

Algorithmic complexity denial of service explained

Small inputs, big CPU spikes: how algorithmic complexity DoS vulnerabilities like ReDoS and hash flooding crash apps with a single request.

Dec 7, 20256 min read
AI Security

LLM Denial of Service Attack Techniques

LLM denial of service attacks exploit sponge prompts, unbounded generation, and denial-of-wallet loops to cripple AI systems without a single exploit.

Nov 13, 20257 min read
Application Security

Null Pointer Dereference Vulnerabilities

A single unchecked pointer can crash a server. Here's what null pointer dereference vulnerabilities are, real CVEs like OpenSSL's, and how to catch them.

Nov 10, 20257 min read
denial-of-service (Page 2) — Safeguard Blog