#dos

Ubuntu Security Notice 5821-1 - Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service.

Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.

Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.

Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.

### Description: A regular expression denial of service (ReDoS) vulnerability has been discovered in `ua-parser-js`. ### Impact: This vulnerability bypass the library's `MAX_LENGTH` input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to get stuck processing for a very long time which results in a denial of service (DoS) condition. ### Affected Versions: All versions of the library prior to version `0.7.33` / `1.0.33`. ### Patches: A patch has been released to remove the vulnerable regular expression, update to version `0.7.33` / `1.0.33` or later. ### References: [Regular expression Denial of Service - ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) ### Credits: Thanks to @Snyk who first reported the issue.

When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty.

The notorious Russian-speaking cybercriminals grew successful by keeping a low profile. But now they have a target on their backs.

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it was originally addressed by the company on November

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.