Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

GHSA-jm7m-8jh6-29hp: Apache Tomcat Incomplete Cleanup vulnerability

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

ghsa
#vulnerability#web#windows#dos#apache#git#java#maven
GHSA-mj24-gpw7-23m9: Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal

### Impact ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1 test inside when the test_item.path field is exceeded the allowable "ltree" field type indexing limit (path length>=120 approximately, recursive nesting of the nested steps). REINDEX INDEX path_gist_idx and path_idx aren't helped. ### Patches The problem was fixed in `service-api` module of version `5.10.0` (product release [23.2](https://reportportal.io/docs/releases/Version23.2/)), where the maximum number of nested elements were programmatically limited. ### Workarounds After deletion of the data with long paths, and reindexing both indexes (path_gist_idx and path_idx), the database becomes stable and ReportPortal is working properly.

GHSA-vx74-f528-fxqg: github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset

### Impact Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound cause denial of service. See https://www.cve.org/CVERecord?id=CVE-2023-44487 for details. ### Patches nghttp2 v1.57.0 mitigates this vulnerability by default. ### Workarounds If upgrading to nghttp2 v1.57.0 is not possible, implement `nghttp2_on_frame_recv_callback`, and check and count RST_STREAM frames. If excessive number of RST_STREAM are received, then take action, such as dropping connection silently, or call `nghttp2_submit_goaway` and gracefully terminate the connection. ### References The following commit mitigates this vulnerability: - https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832

CVE-2023-45129: Rooms - Synapse

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.

CVE-2023-36606

Microsoft Message Queuing Denial of Service Vulnerability

CVE-2023-36709

Microsoft AllJoyn API Denial of Service Vulnerability

CVE-2023-36602

Windows TCP/IP Denial of Service Vulnerability

CVE-2023-36720

Windows Mixed Reality Developer Tools Denial of Service Vulnerability

CVE-2023-36431

Microsoft Message Queuing Denial of Service Vulnerability

CVE-2023-36579

Microsoft Message Queuing Denial of Service Vulnerability