#dos

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted messages to the MSMQ service, which could affect availability of the service and result in Denial of Service (DoS).

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).

**According to the CVSS metrics, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?** An authenticated attacker would need to perform specific actions on a vulnerable system, then convince another user on that system to interact with the Windows Deployment Services functionality.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

### Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. ### Details A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. ### PoC The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character. ### Impact Impact is the same as https://github.com/netty/ne...

### Summary There is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. ### Details IMAP's `uid-set` and `sequence-set` formats can compress ranges of numbers, for example: `"1,2,3,4,5"` and `"1:5"` both represent the same set. When `Net::IMAP::ResponseParser` receives `APPENDUID` or `COPYUID` response codes, it expands each `uid-set` into an array of integers. On a 64 bit system, these arrays will expand to 8 bytes for each number in the set. A malicious IMAP server may send specially crafted `APPENDUID` or `COPYUID` responses with very large `uid-set` ranges. The `Net::IMAP` client parses each server response in a separat...

The ABB Cylon FLXeon BACnet controller is vulnerable to an authenticated JSON flooding attack, leading to uncontrolled resource consumption and a denial-of-service (DoS) condition. The /api/serialConfig endpoint allows an authenticated attacker to abuse an unrestricted loop to create a large number of JSON objects by sending specially crafted requests through the ports JSON array. This results in excessive memory and CPU usage, causing resource exhaustion and potential service failure.