#dos

Two denial of service vulnerabilities were found in ntpd-rs related to the handling of NTS cookies in our client functionality. Whenever an NTS source is configured and the server behind that source is sending zero-sized cookies or cookies larger than what would fit in our buffer size, ntpd-rs would crash. Only configured NTS sources can abuse these vulnerabilities. NTP sources or third parties that are not configured cannot make use of these vulnerabilities. For zero-sized cookies: a division by zero would force an exit when the number of new cookies that would need to be requested is calculated. In ntpd-rs 1.5.0 a check was added to prevent the division by zero. For large cookies: while trying to send a NTP request with the cookie included, the buffer is too small to handle the cookie and an exit of ntpd-rs is forced once a write to the buffer is attempted. The memory outside the buffer would not be written to in this case. In ntpd-rs 1.5.0 a check was added that prevents accepting...

### Impact An unauthenticated stack overflow crash, leading to a denial of service (DoS), was identified in Rancher’s `/v3-public/authproviders` public API endpoint. A malicious user could submit data to the API which would cause the Rancher server to crash, but no malicious or incorrect data would actually be written in the API. The downstream clusters, i.e., the clusters managed by Rancher, are not affected by this issue. This vulnerability affects those using external authentication providers as well as Rancher’s local authentication. ### Patches The patch includes the removal of unnecessary HTTP methods of the specific API. Patched versions include releases `v2.8.13`, `v2.9.7` and `v2.10.3`. ### Workarounds There are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of Rancher Manager that contains the fix. ### References If you have any questions or comments about this advisory: - Reach out to the [SUSE Rancher Security team](h...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Communication modules for Modicon M580 and Quantum controllers Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a stack overflow attack, which could result in loss of confidentiality, integrity, and denial of service of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following communication modules for Modicon M580 and Quantum controllers are affected by a vulnerability in VxWorks operating system: Modicon M580 communication modules BMENOC BMENOC0321: Versions prior to SV1.10 Modicon M580 communication modules BMECRA BMECRA31210: All versions Modicon M580/Quantum communication modules BMXCRA BMXCRA31200: All versions Modicon M580/Quantum communication modules BMXCRA BMXCRA31210: All versions Modicon Quantum communication modules 140CRA 140CRA31908: ...

### Impact When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. ### Patches Version 4.0.5 fixes this issue ### Workarounds Applications could pre-validate payloads passed to go-jose do not contain an excessive number of '.' characters. ### References This is the same sort of issue as in the golang.org/x/oauth2/jws package as CVE-2025-22868 and Go issue https://go.dev/issue/71490.

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.

### Impact An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. ### Patches This problem has been patched and exists in versions 1.49.1 and below ### Workarounds On S3 backends, configure ```yaml # ... blockstore: s3: disable_pre_signed_multipart: true ``` or set environment variable `LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPART` to `true`. ### References _Are there any links users can visit to find out more?_

### Impact A maliciously crafted QPY file containing a malformed `symengine` serialization stream as part of the larger QPY serialization of a `ParameterExpression` object can cause a segfault within the `symengine` library, allowing an attacker to terminate the hosting process deserializing the QPY payload. ### Patches This issue is addressed in 1.3.0 when using QPY format version 13. QPY format versions 10, 11, and 12 are all still inherently vulnerable if they are using symengine symbolic encoding and `symengine <= 0.13.0` is installed in the deserializing environment (as of publishing there is no newer compatible release of symengine available). Using QPY 13 is strongly recommended for this reason. The symengine 0.14.0 release has addressed the segfault issue, but it is backward incompatible and will not work with any Qiskit release; it also prevents loading a payload generated with any other version of symengine. Using QPY 13 is strongly recommended for this reason. It is als...

William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.

DOGE technologists Edward Coristine—the 19-year-old known online as “Big Balls”—and Kyle Schutt are now listed as staff at the Cybersecurity and Infrastructure Security Agency.

Two critical OpenSSH vulnerabilities discovered! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and…