A specially crafted packet containing illegal TCP options can cause the victim not only to drop the TCP segment but also to drop the TCP session. This vulnerability affects established TCP sessions. An attacker who can figure out the source and destination TCP ports and IP addresses of a session can inject invalid TCP segments into the flow, causing the TCP session to be reset. An application will see this as an ECONNRESET error when using the socket after such an attack. The most likely outcome is a crash of the application reading from the affected socket.
A potential denial of service (DoS) attack vector was discovered on the project languages endpoint.
A regex input validation issue for the .gitlab-ci.yml refs value was discovered which could allow an attacker to cause a denial of service (DoS) on the platform.