#dos

Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

## Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. ## Details The vulnerability exists in the `isSensitiveSpec` function which calls `grpcomni.CreateResource` without checking if the resource's metadata field is nil. When a resource is created with an empty `Metadata` field, the `CreateResource` function attempts to access `resource.Metadata.Version` causing a segmentation fault. ### Vulnerable Code The `isSensitiveSpec` function in `/src/internal/backend/server.go`: ```go func isSensitiveSpec(resource *resapi.Resource) bool { res, err := grpcomni.CreateResource(resource) // No nil check on resource.Metadata if err != nil { return false } // ... rest of function } ``` The `CreateResource` function expects `resource.Metadata` to be non-nil: ```go func CreateResource(resource *r...

The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service.

Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an "exploit shotgun" approach, has singled out a wide range of internet-exposed infrastructure, including routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and

### Summary Parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). ### Remediation Upgrade to 0.11.4 ```toml [dependencies] cel = "0.11.4" ``` ### PoC ```rust use cel::{Context, Program}; fn main() { let program = Program::compile("x(1,").unwrap(); let context = Context::default(); let value = program.execute(&context).unwrap(); assert_eq!(value, true.into()); } ``` ``` $ RUST_BACKTRACE=1 cargo run --bin example-simple Compiling num-traits v0.2.19 Compiling aho-corasick v1.1.3 Compiling regex-syntax v0.8.5 Compiling arbitrary v1.4.1 Compiling serde v1.0.219 Compiling thiserror v1.0.69 Compiling regex-automata v0.4.9 Compiling chrono v0.4.41 Compiling regex v1.11.1 Compiling cel v0.10.0 (/home/john/git/cel-rust/cel) warning:...

### Summary _Authlib’s JWE `zip=DEF` path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service._ ### Details - Affected component: Authlib JOSE, JWE `zip=DEF` (DEFLATE) support. - In `authlib/authlib/jose/rfc7518/jwe_zips.py`, `DeflateZipAlgorithm.decompress` calls `zlib.decompress(s, -zlib.MAX_WBITS)` without a maximum output limit. This permits unbounded expansion of compressed payloads. - In the JWE decode flow (`authlib/authlib/jose/rfc7516/jwe.py`), when the protected header contains `"zip": "DEF"`, the library routes the decrypted ciphertext into the `decompress` method and assigns the fully decompressed bytes to the plaintext field before returning it. No streaming limit or quota is applied. - Because DEFLATE achieves extremely high ratios on highly repetitive input, an attacker can craft a tiny `zip=...