785 matches found
bzip2: Fix of CVE-2019-12900
CVE-2019-12900: fix out-of-bounds write in BZ2decompress many selectors...
avro-oom-compression-poc
Avro Decompression Bomb PoC CWE-409 Proof of concept demons...
CLSA-2026-1777969769 bzip2: Fix of CVE-2019-12900
CVE-2019-12900: fix out-of-bounds write in BZ2decompress many selectors...
CLSA-2026-1777940008 python3: Fix of CVE-2026-6100
CVE-2026-6100: clear dangling nextin pointer on MemoryError in bz2/lzma decompressors to avoid use-after-free on instance reuse...
CLSA-2026-1777569671 python3: Fix of CVE-2026-6100
CVE-2026-6100: clear dangling nextin pointer on MemoryError in bz2/lzma decompressors to avoid use-after-free on instance reuse...
CLSA-2026-1776956583 bzip2: Fix of 2 CVEs
CVE-2019-12900: fix out-of-bounds write in BZ2decompress when many selectors are present - CVE-2016-3189: fix use-after-free in bzip2recover...
CLSA-2026-1776965760 bzip2: Fix of 2 CVEs
CVE-2019-12900: fix out-of-bounds write in BZ2decompress when many selectors are present - CVE-2016-3189: fix use-after-free in bzip2recover...
CLSA-2026-1776961553 bzip2: Fix of 2 CVEs
CVE-2019-12900: fix out-of-bounds write in BZ2decompress when many selectors are present - CVE-2016-3189: fix use-after-free in bzip2recover...
CVE-2026-6100
Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...
PT-2026-32487
Name of the Vulnerable Software and Affected Versions CPython affected versions not specified Description A use-after-free UAF issue exists in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This occurs when a memory allocation fails with a MemoryError and the decompression instanc...
CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...
NewStart CGSL MAIN 6.06 (SP) : bzip2 Vulnerability (NS-SA-2026-0013)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has bzip2 packages installed that are affected by a vulnerability: - Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service crash via a crafted bzip2 file, related to block ends...
OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)
Summary The tar.bz2 installer path in src/agents/skills-install-download.ts used shell tar preflight/extract logic that did not share the same hardening guarantees as the centralized archive extractor. This allowed crafted .tar.bz2 archives to bypass special-entry blocking and extracted-size...
Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
Summary DS8900F and DS8A00 updates have been released to remediate following vulnerabilities: Linux vulnerabilities in libraries such as bzip2, nghttp2, libxml2, unbound, libsoup, pam, sudo, java, openssh, glib2, expat, httpd, and linux-firmware. Safe Guarded Copy vulnerability within the...
GHSA-54P8-X2M9-C593 malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability
Several extraction and scanning code paths registered late defers which could leak resources and exhaust system resources. This report is an aggregate of these individual reports for the affected code: Advisory | Affected File -- | -- GHSA-jjgh-mc5q-gch7 | pkg/action/scan.go GHSA-mwmf-fxh2-w4x7 |...
SUSE-SU-2026:20592-1 Security update for 7zip
This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...
OPENSUSE-SU-2026:20273-1 Security update for 7zip
This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...
MiracleLinux 9 : bzip2-1.0.8-10.el9_5 (AXSA:2025-9645:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9645:02 advisory. bzip2: bzip2: Data integrity error when decompressing with data integrity tests fail. CVE-2019-12900 Tenable has extracted the preceding description block...
MiracleLinux 8 : bzip2-1.0.6-27.el8_10 (AXSA:2024-8983:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8983:01 advisory. bzip2: out-of-bounds write in function BZ2decompress CVE-2019-12900 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 3 : bzip2-1.0.3-6.AXS3 (AXSA:2010-453:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-453:01 advisory. bzip2 compresses files using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding. Compression is generally considerably better th...