denial-of-service
Safeguard articles tagged "denial-of-service" — guides, analysis, and best practices for software supply chain and application security.
44 articles
Unrestricted Resource Consumption in APIs
API4:2023 shows how a single unbounded request—GraphQL depth, a ReDoS regex, an unthrottled upload—can take down an API or run up a cloud bill.
CVE-2022-24999: Prototype pollution / DoS in qs querystri...
CVE-2022-24999 exposes a prototype pollution and denial-of-service flaw in the qs querystring library used across the Node.js ecosystem.
CVE-2023-49083: NULL pointer dereference in python-crypto...
A NULL pointer dereference in python-cryptography's PKCS7 loader (CVE-2023-49083) lets malformed input crash applications. Here's what to patch and why.
CVE-2019-1010083: Denial of service in Flask via large mu...
CVE-2019-1010083 let attackers crash Flask apps with crafted multipart requests. Here's the impact, affected versions, and how to remediate the DoS flaw.
CVE-2023-25577: Denial of service in Werkzeug multipart p...
CVE-2023-25577 lets attackers trigger denial of service in Werkzeug's multipart parser via crafted uploads. Here's the impact, timeline, and fix.
CVE-2020-10109: Denial of service in Twisted via 100-cont...
CVE-2020-10109 lets attackers hang Twisted's HTTP server with malformed 100-continue requests, exhausting resources until it stops responding.
CVE-2017-18640: Denial of service via SnakeYAML alias ent...
CVE-2017-18640 lets attackers crash Java services by abusing SnakeYAML's YAML alias/anchor expansion. Here's what's affected and how to fix it.
CVE-2019-1075: Denial of service in .NET Core
CVE-2019-1075 is a 2019 denial-of-service flaw in .NET Core that let unauthenticated attackers crash web apps with crafted requests. Here's what to know.
CVE-2020-0602: Denial of service in ASP.NET Core
A denial of service flaw in ASP.NET Core 3.0/3.1, patched January 2020. Unauthenticated, network-exploitable, high-severity impact on availability.
CVE-2022-29117: Regular expression denial of service in .NET
CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.
CVE-2022-29145: Denial of service in .NET SignalR/Network...
CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.
CVE-2022-38013: Denial of service in .NET via crafted req...
A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.