{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/microservices/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["nestjs","denial-of-service","microservices"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA denial-of-service vulnerability has been identified in the \u003ccode\u003e@nestjs/microservices\u003c/code\u003e package, specifically impacting versions up to and including 11.1.18. This vulnerability arises from the recursive nature of the \u003ccode\u003ehandleData()\u003c/code\u003e function when processing JSON messages over TCP. An attacker can exploit this by sending a single TCP frame containing numerous small, valid JSON messages. This triggers excessive recursion, rapidly consuming stack space and ultimately leading to a stack overflow. A relatively small payload of approximately 47 KB is sufficient to trigger the \u003ccode\u003eRangeError\u003c/code\u003e and cause the application to crash, effectively denying service to legitimate users. The vulnerability was discovered by \u003ca href=\"https://github.com/hwpark6804-gif\"\u003ehttps://github.com/hwpark6804-gif\u003c/a\u003e and has been addressed in version 11.1.19 of the \u003ccode\u003e@nestjs/microservices\u003c/code\u003e package.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker establishes a TCP connection to the NestJS microservice endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a TCP frame containing multiple small, valid JSON messages.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted TCP frame to the microservice.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ehandleData()\u003c/code\u003e function in \u003ccode\u003e@nestjs/microservices\u003c/code\u003e receives the TCP frame.\u003c/li\u003e\n\u003cli\u003eFor each JSON message in the frame, \u003ccode\u003ehandleData()\u003c/code\u003e recursively calls itself.\u003c/li\u003e\n\u003cli\u003eWith each recursive call, the buffer size shrinks, preventing the \u003ccode\u003emaxBufferSize\u003c/code\u003e from being reached.\u003c/li\u003e\n\u003cli\u003eThe call stack overflows due to the excessive recursion.\u003c/li\u003e\n\u003cli\u003eA \u003ccode\u003eRangeError\u003c/code\u003e is triggered, crashing the NestJS microservice and causing a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability results in a denial-of-service condition, rendering the affected NestJS microservice unavailable. This can disrupt critical application functionality that relies on the microservice. While the specific number of victims or sectors targeted is unknown, any application using a vulnerable version of \u003ccode\u003e@nestjs/microservices\u003c/code\u003e is susceptible. A successful attack leads to application downtime and potential data loss or corruption if the microservice is responsible for data persistence.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003e@nestjs/microservices\u003c/code\u003e package to version 11.1.19 or later to remediate the vulnerability (reference: \u003ccode\u003e@nestjs/microservices@11.1.19\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Excessive TCP Data\u0026rdquo; to identify potential exploitation attempts by monitoring for unusually large TCP packets (reference: rule \u0026ldquo;Detect Excessive TCP Data\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for connections sending abnormally large amounts of data to NestJS microservice endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-14T00:15:09Z","date_published":"2026-04-14T00:15:09Z","id":"/briefs/2026-04-nestjs-dos/","summary":"A denial-of-service vulnerability exists in NestJS's @nestjs/microservices package, affecting versions 11.1.18 and earlier, where an attacker can send multiple small, valid JSON messages within a single TCP frame, causing a stack overflow.","title":"NestJS Microservices Denial-of-Service via Recursive handleData","url":"https://feed.craftedsignal.io/briefs/2026-04-nestjs-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Microservices","version":"https://jsonfeed.org/version/1.1"}