42 matches found
ddev 路径遍历漏洞
ddev is an open-source local PHP and Node.js development environment tool developed by DDEV. Versions of ddev prior to 1.25.2 contained a path traversal vulnerability. This vulnerability stemmed from the Untar and Unzip functions not verifying paths properly, which could lead to path traversal wh...
libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...
libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...
libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...
RHEL 8 : libarchive (RHSA-2026:8521)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8521 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...
RHEL 10 : libarchive (RHSA-2026:8492)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8492 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...
CVE-2026-5439
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value,...
libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...
Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
...
CVE-2026-4424
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...
UBUNTU-CVE-2026-4424
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...
EUVD-2026-12031
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...
AZL-79509 CVE-2026-2219 affecting package dpkg 1.20.10-1
It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...
OPENSUSE-SU-2026:20330-1 Security update for python-uv
This update for python-uv fixes the following issue: - CVE-2025-13327: parsing differentials when processing specially crafted ZIP archives during package installation can lead to arbitrary code execution bsc1258993...
PT-2026-5940
Name of the Vulnerable Software and Affected Versions Articentgroup Zip Rar Extractor Tool version 1.345.93.0 Description The Articentgroup Zip Rar Extractor Tool is susceptible to a Directory Traversal issue. This flaw is located within the ZIP file processing component, specifically in the part...
Articentgroup Zip Rar Extractor Tool 安全漏洞
The Articentgroup Zip Rar Extractor Tool is a decompression tool developed by the Articentgroup company in the United States. The version 1.345.93.0 of the Articentgroup Zip Rar Extractor Tool contains a security vulnerability, which stems from a directory traversal vulnerability present in the Z...
CVE-2025-61728
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
PT-2026-25310
Name of the Vulnerable Software and Affected Versions libarchive affected versions not specified Description A flaw exists in the RAR5 archive decompression logic within the archive read data processing path of the libarchive library. Processing a specially crafted RAR5 archive can cause the...
CVE-2025-63365
SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents...
CVE-2025-63371
CVE-2025-63371 affects OneCommander 3.102.0.0. The vulnerability stems from the ZIP file processing component during extraction, enabling potential directory traversal via ZIP archive contents. Public documents consistently describe the flaw, but do not provide a confirmed fix version or remediat...