Lucene search
K

35 matches found

OSV
OSV
added 2025/07/10 7:39 p.m.5 views

CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

8.7CVSS6.6AI score0.00444EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/10 7:38 p.m.8 views

CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...

8.7CVSS0.00461EPSS
Exploits0References3
OSV
OSV
added 2025/07/10 7:38 p.m.5 views

CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...

8.7CVSS6.6AI score0.00461EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/10 7:38 p.m.4 views

CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...

8.7CVSS7.2AI score0.00461EPSS
Exploits0References3
CVE
CVE
added 2025/07/10 7:38 p.m.29 views

CVE-2025-53633

CVE-2025-53633 affects Chall-Manager. The vulnerability arises when decoding a scenario (zip archive): the decoded content size is not checked, allowing potential zip-bomb decompression. Exploitation does not require authentication or authorization. A patch was implemented in commit 14042aa and s...

9.8CVSS6.6AI score0.00461EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/07/10 7:36 p.m.45 views

CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...

8.8CVSS0.00718EPSS
Exploits1References3
OSV
OSV
added 2025/07/10 7:36 p.m.14 views

CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...

8.8CVSS6.6AI score0.00718EPSS
Exploits1References5
CVE
CVE
added 2025/07/10 7:36 p.m.27 views

CVE-2025-53632

CVE-2025-53632 affects Chall-Manager and describes a path traversal (zip slip) vulnerability during the decoding/extraction of a scenario archive. The root cause is that the target path for extracted files is not checked, enabling arbitrary file writes and potential impact on integrity and availa...

9.1CVSS6.7AI score0.00718EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2025/07/10 5:50 p.m.0 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the scenario decoding process. An attacker can cause excessive resource consumption by submitting a specially crafted zip archive that decompresses to a very large size...

9.8CVSS6.9AI score0.00461EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.2 views

PT-2025-29154 · Unknown · Callmanager

Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager is susceptible to a zip bomb decompression issue when decoding scenario zip archives. The vulnerability does not require authentication or authorization for exploitation...

9.8CVSS6.5AI score0.00461EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.4 views

PT-2025-29155 · Unknown · Callmanager

Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager, a platform-agnostic system for starting Challenges on Demand, is susceptible to a Denial of Service DoS attack via a slow loris attack against its HTTP Gateway. The gateway lac...

8.7CVSS6.4AI score0.00444EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.0 views

PT-2025-29153 · Unknown · Callmanager

Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager is a platform-agnostic system designed to initiate challenges on demand. A zip slip condition exists when decoding scenarios zip archives due to a lack of path validation during...

9.1CVSS6.4AI score0.00718EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.3 views

Chall-Manager 安全漏洞

Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from a failure to check the size of the contents when decompressing a zip file, which could lead to a zip bomb decompression...

9.8CVSS6.3AI score0.00461EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.5 views

Chall-Manager 安全漏洞

Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from an unset timeout on the HTTP gateway, which could lead to a denial of service triggered by a slow loris attack...

8.7CVSS6.2AI score0.00444EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.18 views

Chall-Manager 路径遍历漏洞

Chall-Manager is an open source project from CTFer.io open source. A path traversal vulnerability exists in versions prior to Chall-Manager 0.1.4, which originates from unzipping a zip file without checking the path of the file, which may lead to arbitrary file overwriting...

9.1CVSS6.5AI score0.00718EPSS
Exploits1References5
Rows per page
Query Builder