
Tag: #dos

GHSA-4wf5-vphf-c2xc: Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS

Versions of the package terser before 4.8.1, and from 5.0.0 before 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

GHSA-477v-w82m-634j: Shoutrrr util package DoS via sending 2000, 4000, or 6000 character messages

Versions of the package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. The vulnerability can be triggered by sending a message of exactly 2000, 4000, or 6000 characters.

GHSA-339q-62wm-c39w: Undertow vulnerable to Denial of Service (DoS) attacks

A client-side invocation timeout is raised in Undertow when calling over HTTP/2; this can allow an attacker to carry out denial of service (DoS) attacks against versions earlier than 2.2.15.Final.

GHSA-fj7c-vg2v-ccrm: Undertow vulnerable to memory exhaustion due to buffer leak

A buffer leak on incoming WebSocket PONG messages in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service.

CVE-2022-25858: fix potential regexp DDOS · terser/terser@a4da734

Versions of the package terser before 4.8.1, and from 5.0.0 before 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25891: discord message size fixes by piksel · Pull Request #242 · containrrr/shoutrrr

Versions of the package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. The vulnerability can be triggered by sending a message of exactly 2000, 4000, or 6000 characters.

Why 8kun Went Offline During the January 6 Hearings

The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kun[.]top and TheDonald[.]win in helping to organize and galvanize supporters who responded to former President Trump's invitation to "be wild" in Washington, D.C. on that chaotic day. At the same time the committee was hearing video testimony from 8kun founder Jim Watkins, 8kun and a slew of similar websites were suddenly yanked offline. Watkins suggested the outage was somehow related to the work of the committee, but the truth is KrebsOnSecurity was responsible and the timing was pure coincidence.

Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers

The botnet behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users. The most attacked industry verticals include internet and telecom, media,

CVE-2022-32406: Buffer overflow in q3map2 when parsing malformed MAP file · Issue #676 · TTimo/GtkRadiant

GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file.

CVE-2022-32298: Null pointer dereference in httpd.c · Issue #346 · landley/toybox

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors.