An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.
Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory.
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in tvOS 12.1, iOS 12.1. Processing a maliciously crafted message may lead to a denial of service.
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).
An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions.
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp.
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack.
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.
Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5.
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.
On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`.
The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321.
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion.
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text.
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.