#dos

Ubuntu Security Notice 7124-1 - Andy Boothe discovered that the Networking component of OpenJDK 23 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 23 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

Debian Linux Security Advisory 5817-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Red Hat Security Advisory 2024-9986-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9984-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9977-03 - An update for python-zipp is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9960-03 - OpenShift API for Data Protection 1.3.4 is now available. Issues addressed include a denial of service vulnerability.

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgwc-jh89-rpgq. This link is maintained to preserve external references. ## Original Description A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers.

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references. ## Original Description A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

### Summary An attacker can send a maliciously crafted TOML to cause the parser to crash because of a stack overflow caused by a deeply nested inline structure. A similar problem occurs when attempting to stringify deeply nested objects. The library does not limit the maximum exploration depth while parsing or producing TOML documents, nor does it offer a way to do so. ### Proof of concept ```js require("smol-toml").parse("e=" + "{e=".repeat(9999) + "{}" + "}".repeat(9999)) ``` ### Impact Applications which parse arbitrary TOML documents may suffer availability issues if they receive malicious input. If uncaught, the crash may cause the application itself to crash. The impact is deemed minor, as the function is already likely to throw errors on invalid input and therefore to properly handle errors. Due to the design of most JavaScript runtimes, the uncontrolled recursion does not lead to excessive memory usage and the execution is quickly aborted. As a reminder, it is **strongly**...

Sorting table records using an `ORDER BY` clause with the `rand()` function as sorting mechanism could cause a panic due to relying on a comparison function that did not implement total order. This event resulted in a panic due to a recent [change in Rust 1.81](https://blog.rust-lang.org/2024/09/05/Rust-1.81.0.html#new-sort-implementations). ### Impact A client that is authorized to run queries in a SurrealDB server would be able to query a table with `ORDER BY rand()` in order to potentially cause a panic in the sorting function. This would crash the server, leading to denial of service. ### Patches The sorting algorithm has been updated to guarantee total order when shuffling records. - Version 2.1.0 and later are not affected by this issue. ### Workarounds Affected users who are unable to update may want to limit the ability of untrusted clients to run arbitrary SurrealQL queries in the affected versions of SurrealDB. To limit the impact of the denial of service, SurrealDB ad...