Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2023-2132

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint.

CVE
Open in Source
#dos#git
Ubuntu Security Notice USN-6142-1

Ubuntu Security Notice 6142-1 - Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-3460-01

Red Hat Security Advisory 2023-3460-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-6140-1

Ubuntu Security Notice 6140-1 - It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. It was discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10.

GHSA-rvrx-rrwh-r9p6: Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack

### Impact An attacker who controls or compromises a registry can make the registry serve an infinite number of signatures for the artifact, causing a denial of service to the host machine running `notation verify`. ### Patches The problem has been fixed in the release [v1.0.0-rc.6](https://github.com/notaryproject/notation/releases/tag/v1.0.0-rc.6). Users should upgrade their notation packages to [v1.0.0-rc.6](https://github.com/notaryproject/notation/releases/tag/v1.0.0-rc.6) or above. ### Workarounds User should use secure and trusted container registries ### Credits The `notation` project would like to thank Adam Korczynski (@AdamKorcz) for responsibly disclosing the issue found during an security audit (facilitated by OSTIF and sponsored by CNCF) and Shiwei Zhang (@shizhMSFT) for root cause analysis.

GHSA-9m3v-v4r5-ppx7: Notation vulnerable to denial of service from high number of artifact signatures

### Impact An attacker who controls or compromises a registry can make the registry serve an infinite number of signatures for the artifact, causing a denial of service to the host machine running `notation verify`. ### Patches The problem has been fixed in the release [v1.0.0-rc.6](https://github.com/notaryproject/notation/releases/tag/v1.0.0-rc.6). Users should upgrade their notation packages to [v1.0.0-rc.6](https://github.com/notaryproject/notation/releases/tag/v1.0.0-rc.6) or above. ### Workarounds User should use secure and trusted container registries. ### Credits The `notation` project would like to thank Adam Korczynski (@AdamKorcz) for responsibly disclosing the issue found during an security audit (facilitated by OSTIF and sponsored by CNCF) and Shiwei Zhang (@shizhMSFT) for root cause analysis.

Red Hat Security Advisory 2023-3445-01

Red Hat Security Advisory 2023-3445-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include a denial of service vulnerability.

CVE-2023-33659: Fixed security issues. by lee-emqx · Pull Request #509 · nanomq/NanoNNG

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.

CVE-2023-20727: June 2023

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531.

RHSA-2023:3460: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32206: A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert ...