https://www.sciencedirect.com/science/article/pii/S2352467725001778

Sustainable Energy, Grids and Networks, Volume 43, September 2025

"a systematic #cybersecurity assessment of a #digitalsubstation…A testbed was developed to assess the different attack vectors with a focus on targeting #virtualmachines #resourceexhaustion and #injectionattacks…use case was successfully demonstrated with multiple targeted cyber attacks on the testbed where the non-attacked IED successfully cleared the grid fault."

DB2 SQLCODE -904: Troubleshooting Resource Exhaustion in Multithreaded Applications
DB2 SQLCODE -904 often indicates resource exhaustion in multithreaded apps due to simultaneous database access. Batch processing & connection pooling can prevent this error. Learn how to build robust, high-concurrency apps! #DB2 #SQLCODE #-904 #BatchProcessing #ConnectionPooling #ResourceExhaustion
https://tech-champion.com/database/db2luw/db2-sqlcode-904-troubleshooting-resource-exhaustion-in-multithreaded-applications/

HTTP/2 CONTINUATION Flood Vulnerability Analysis

Date: April 3, 2024
CVE: N/A
Vulnerability Type: CWE-400 (Resource Exhaustion)
CWE: [[CWE-400]]
Sources: nowotarski.info

Issue Summary

The CONTINUATION Flood vulnerability exploits a flaw in [[HTTP2 protocol]] implementations, causing server resource exhaustion. Identified by Bartek Nowotarski, it demonstrates a significant threat as it allows attackers to disrupt server availability with minimal resources. Unlike traditional attacks, this method is not visible in HTTP access logs, complicating detection and mitigation efforts.

Technical Key findings

Attackers initiate an infinite stream of CONTINUATION frames without the END_HEADERS flag, leading servers to allocate excessive resources for processing, resulting in CPU exhaustion or memory depletion. This vulnerability has been observed across various HTTP/2 implementations, including major servers like [[Apache]] and [[Node.js]]. The flaw's severity is amplified by its low detection rate, as affected requests do not appear in access logs.

Vulnerable products

Affected projects and products include [[Apache httpd]], [[Envoy]], and various HTTP/2 libraries, particularly in languages like [[Golang]], [[Ruby]], and [[Node.js]]. The vulnerability spans across implementations, affecting a broad range of servers utilizing HTTP/2.

Impact assessment

The CONTINUATION Flood vulnerability can severely impact server performance and availability. In extreme cases, it can crash servers or lead to a complete denial of service with minimal attacker effort. Its undetectability in standard logging mechanisms further complicates mitigation, potentially allowing attackers to exploit this vulnerability without immediate detection.

Patches or workaround

As of the reporting date, specific patches or workarounds were not mentioned. However, standard mitigation strategies for similar vulnerabilities include updating affected software, limiting frame sizes, and employing timeouts for incomplete header frame sequences.

Tags

#HTTP/2, #DoS, #ResourceExhaustion, #ServerVulnerability, #SecurityPatch

HTTP/2 `CONTINUATION` Flood: Technical Details

Preface In October 2023 I learnt about HTTP/2 Rapid Reset attack, dubbed “the largest DDoS attack to date”. I didn’t have deep knowledge of HTTP/2 back then. I knew its basics like frames or HPACK but I was focusing more on HTTP/1.1 protocol and programming languages vulnerabilities. I decided to dedicate time to exploring HTTP/2 from a security analysis perspective after concluding my then-current research. A quick intro to HTTP/2 The main difference between HTTP/1.

Several #DNSSEC related #vulnerabilities disclosed resulting in #resourceexhaustion and potential #denialofservice of DNS servers. If you're running DNS server(s) such as #Bind, #Unbound or #PowerDNS update as soon as possible. Apparently also #dnsmasq is affected. https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ #infosec #cybersecurity
Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC

'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge

The Register
Great when you meet people in #greifswald wearing a #resourceExhaustion T-shirt, on the very day you happen to be wearing that same piece of clothing yourself.  
Greetings to #saarbrücken!
#36c3

Today the #transurban residency in the former #Rochdale Barrack started here in #Bielefeld. There's one month of participatory program in parts of the barrack space, open to the public for the first time:
https://trans-urban.de/programm22/

I did some (partly #solar) #lightinstallations on the topics of #climatecrisis & #resourceexhaustion.

#fhbfg #DMX #Design

Program 2022 – TRANSURBAN

The program of the TRANSURBAN Residency 2022 in Bielefeld.

TRANSURBAN

https://todon.nl/@keinea49/105351225468809093

The eviction has finished for now, but we are not gone. Infrastructure to organize and educate is still part of the change we are living for. We go on! What about you?
#dannibleibt #keinea49 #resourceexhaustion

Keine A49 (@[email protected])

The eviction is over - how does the resistance continue? Here is our press conference from today to watch again: #Dannibleibt #keineA49 #Verkehrswende RT @[email protected] https://www.pscp.tv/w/cp9H2TFKUkVtclZhdnJ4UVB8MXpxSlZYZ3pYZ25LQtamEKsEIDaS_BavQXY19GsQgebn-aOv-XgUwqqsrQHA 🐦🔗: https://twitter.com/keinea49/status/1336613395588554754

todon.nl
The #Dannibleibt IT team is still looking for the following hardware:
* LTE router
* external LTE antennas
* PCI network card (2 ports)
* computers (towers, notebooks)
* network cables (RJ45)
* solar panel
* 12 V batteries
* 12 V charge controllers
* network switch (min. 100 Mbit/s)
* laser printer
Feel free to message me by PM, or for questions we can be reached at +49-157-38210707.
#resourceexhaustion #hsd