
215 matches found

CVE
added 2024/10/21 12:14 p.m. | 113 views

CVE-2024-47736

CVE-2024-47736 relates to the Linux kernel EROFS handling of overlapped pclusters in crafted images. The issue caused a potential task hang/deadlock while waiting on the folio lock during cache I/O, triggered by fuzzed images with overlapping big pclusters. Root causes described include mis-arran...

5.5 CVSS | 5.2 AI score | 0.00008 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2024/09/24 12:0 a.m. | 0 views

The vulnerability of the btrfs component of the Linux operating system’s kernel, related to writing beyond the memory boundaries, allows a hacker to trigger a service failure.

The vulnerability of the btrfs component in Linux operating systems relates to the copying of overly large compressed segments. The compressed length may be corrupted, resulting in a much larger amount of memory being allocated for the buffer. Exploiting this vulnerability can allow an attacker t...

5.5 CVSS | 0.00028 EPSS
Exploits: 0 | References: 10 | Affected Software: 2

OSV
added 2024/08/17 9:15 a.m. | 1 views

DEBIAN-CVE-2024-42273

In the Linux kernel, the following vulnerability has been resolved: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid
mkdir /mnt/test/comp
f2fs_io setflags compression /mnt/test/comp
dd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1
truncate --size 13 /mnt/test/comp/testfile
In the above...

5.5 CVSS | 5.6 AI score | 0.00011 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/08/17 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the f2fs file system to properly handle scenarios where blkaddr is valid when processing...

5.5 CVSS | 6.5 AI score | 0.00011 EPSS
Exploits: 0 | References: 6

Amazon
added 2024/08/06 12:0 a.m. | 23 views

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

9.8 CVSS | 7.8 AI score | 0.64852 EPSS
Exploits: 1

RedHat Linux
added 2024/06/20 2:25 p.m. | 5 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS | 6.7 AI score | 0.04859 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2024/06/19 12:0 a.m. | 22 views

AlmaLinux 8 : container-tools:rhel8 bug fix and enhancement update (Medium) (ALSA-2024:3968)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3968 advisory. podman: jose-go: improper handling of highly compressed data (CVE-2024-28180); buildah: jose-go: improper handling of highly compressed data (CVE-2024-28180)...

5.9 CVSS | 7.1 AI score | 0.04859 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2024/06/18 12:36 a.m. | 2 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS | 6.7 AI score | 0.04859 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2024/06/18 12:0 a.m. | 24 views

RHEL 8 : container-tools:rhel8 update (Moderate) (RHSA-2024:3968)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3968 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman:...

5.9 CVSS | 7.2 AI score | 0.04859 EPSS
Exploits: 0 | References: 8

AlmaLinux
added 2024/06/18 12:0 a.m. | 25 views

Moderate: container-tools:rhel8 bug fix and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180); buildah: jose-go: improper handling of highly compressed data (CVE-2024-28180); podman: jose-g...

5.9 CVSS | 6.9 AI score | 0.04859 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2024/06/11 8:7 p.m. | 2 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS | 6.7 AI score | 0.04859 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2024/06/11 7:55 p.m. | 3 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS | 6.7 AI score | 0.04859 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2024/05/30 4:16 a.m. | 20 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS | 6.7 AI score | 0.04859 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2024/05/23 8:46 p.m. | 5 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS | 6.7 AI score | 0.04859 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2024/05/22 11:48 a.m. | 2 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS | 6.7 AI score | 0.04859 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2024/05/16 6:36 p.m. | 37 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.57 security update

Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

8.6 CVSS | 6.8 AI score | 0.04859 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2024/05/16 6:36 p.m. | 3 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS | 6.7 AI score | 0.04859 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2024/05/15 7:5 p.m. | 4 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS | 6.7 AI score | 0.04859 EPSS
Exploits: 0 | References: 5

OSV
added 2024/05/10 2:32 p.m. | 23 views

RLSA-2024:2549 Moderate: skopeo security and bug fix update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms...

7.5 CVSS | 7 AI score | 0.04859 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/05/10 12:0 a.m. | 38 views

RHCOS 4 : OpenShift Container Platform 4.14.24 (RHSA-2024:2672)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2672 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 - buildah: full container escape ...

8.6 CVSS | 7.1 AI score | 0.64852 EPSS
Exploits: 1 | References: 10