minizip, zlib security update

CentOS Errata and Security Advisory CESA-2023:1095 An update for zlib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Denial Of Service (DoS)

github.com/russellhaering/gosaml2 is vulnerable to Denial Of Service DoS. The vulnerability exists because the library does not limit the maximum compression ratio achievable with deflate, possibly allowing an attacker to cause the process to crash by sending maliciously crafted deflate-compress...

curl: HTTP multi-header compression denial of service

A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors...

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Moderate: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP multi-header compression denial of service CVE-2023-23916 For more details about the security issues, including...

Medium: curl

Issue Overview: A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. CVE-2023-23914 A flaw was fou...

FreeBSD : curl -- multiple vulnerabilities (be233fc6-bae7-11ed-a4fb-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the be233fc6-bae7-11ed-a4fb-080027f5fec9 advisory. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that...

CVE-2023-26483 gosaml2 vulnerable to Denial of Service via deflate decompression bomb

gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memor...

gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb

Impact SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memory during processing than the size of the...

PT-2023-20674 · Gosaml2 · Gosaml2

Name of the Vulnerable Software and Affected Versions: gosaml2 versions prior to 0.9.0 Description: A bug in the gosaml2 library enables attackers to craft a deflate-compressed request which will consume significantly more memory during processing than the size of the original request. This may...

AZL-26732 CVE-2022-41723 affecting package kubevirt for versions less than 0.59.0-15

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

Important: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

Important: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

Important: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact ...

USN-5891-1 curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2023-23914 Harry Sintonen...

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...

Fedora 36 : curl (2023-94df30cbec)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-94df30cbec advisory. - fix HTTP multi-header compression denial of service CVE-2023-23916 Tenable has extracted the preceding description block directly from the Fedora security...