#dos

By Waqas OpenAI and ChatGPT began experiencing service outages on November 8th, and the company is actively working to restore full service. This is a post from HackRead.com Read the original post: ChatGPT Down? OpenAI Blames Outages on DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be weaponized to launch massive DoS

A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.  

### Impact An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits. Impacted versions: <= v1.30.0. ### Patches The patch is included in v1.31.0 [1]. ### Workarounds There is no workaround. Applications using s2n-quic should upgrade to the most recent release of s2n-quic. If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page [2] or directly via email to [[email protected]](mailto:[email protected]). Please do not create a public GitHub issue. [1] https://github.com/aws/s2n-quic/releases/tag/v1.31.0 [2] https://aws.amazon.com/security/vulnerability-reporting

### Summary Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in `pkg/cosign.FetchAttestations`. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alterna...

Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from compl...