Safeguard
Tag

denial-of-service

Safeguard articles tagged "denial-of-service" — guides, analysis, and best practices for software supply chain and application security.

44 articles

Industry Analysis

Unrestricted Resource Consumption in APIs

API4:2023 shows how a single unbounded request—GraphQL depth, a ReDoS regex, an unthrottled upload—can take down an API or run up a cloud bill.

Nov 6, 20257 min read
Vulnerability Analysis

CVE-2022-24999: Prototype pollution / DoS in qs querystri...

CVE-2022-24999 exposes a prototype pollution and denial-of-service flaw in the qs querystring library used across the Node.js ecosystem.

Oct 11, 20257 min read
Vulnerability Analysis

CVE-2023-49083: NULL pointer dereference in python-crypto...

A NULL pointer dereference in python-cryptography's PKCS7 loader (CVE-2023-49083) lets malformed input crash applications. Here's what to patch and why.

Oct 4, 20256 min read
Vulnerability Analysis

CVE-2019-1010083: Denial of service in Flask via large mu...

CVE-2019-1010083 let attackers crash Flask apps with crafted multipart requests. Here's the impact, affected versions, and how to remediate the DoS flaw.

Oct 3, 20257 min read
Vulnerability Analysis

CVE-2023-25577: Denial of service in Werkzeug multipart p...

CVE-2023-25577 lets attackers trigger denial of service in Werkzeug's multipart parser via crafted uploads. Here's the impact, timeline, and fix.

Oct 3, 20257 min read
Vulnerability Analysis

CVE-2020-10109: Denial of service in Twisted via 100-cont...

CVE-2020-10109 lets attackers hang Twisted's HTTP server with malformed 100-continue requests, exhausting resources until it stops responding.

Oct 3, 20257 min read
Vulnerability Analysis

CVE-2017-18640: Denial of service via SnakeYAML alias ent...

CVE-2017-18640 lets attackers crash Java services by abusing SnakeYAML's YAML alias/anchor expansion. Here's what's affected and how to fix it.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2019-1075: Denial of service in .NET Core

CVE-2019-1075 is a 2019 denial-of-service flaw in .NET Core that let unauthenticated attackers crash web apps with crafted requests. Here's what to know.

Sep 20, 20257 min read
Vulnerability Analysis

CVE-2020-0602: Denial of service in ASP.NET Core

A denial of service flaw in ASP.NET Core 3.0/3.1, patched January 2020. Unauthenticated, network-exploitable, high-severity impact on availability.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2022-29117: Regular expression denial of service in .NET

CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2022-29145: Denial of service in .NET SignalR/Network...

CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2022-38013: Denial of service in .NET via crafted req...

A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.

Sep 18, 20257 min read
denial-of-service (Page 3) — Safeguard Blog