
3663 matches found

Hacker One
added 2022/05/15 1:56 a.m. | 112 views

curl: CVE-2022-32206: HTTP compression denial of service

Summary: Curl does not prevent resource consumption when processing certain header types, but keeps on allocating more and more resources until the application terminates or the system crashes, see below. The attack vectors include at least: - Sending many Transfer-Encoding with repeated encodings...

CVSS 4.3 | AI score 7.8 | EPSS 0.3197
Exploits: 1
Positive Technologies
added 2022/05/15 12:0 a.m. | 2 views

PT-2022-5561

Name of the Vulnerable Software and Affected Versions curl versions prior to 7.84.0 Description The issue concerns the support for "chained" HTTP compression algorithms in curl, where a server response can be compressed multiple times with different algorithms. A malicious server can exploit this...

CVSS 9.8 | AI score 6.5 | EPSS 0.3197
Exploits: 6 | References: 99
RedhatCVE
added 2022/05/14 11:43 a.m. | 130 views

CVE-2020-11612

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...

CVSS 7.5 | AI score 1.4 | EPSS 0.09438
Exploits: 0 | References: 3
Debian
added 2022/05/14 1:36 a.m. | 35 views

[SECURITY] [DLA 3005-1] lrzip security update

Debian LTS Advisory DLA-3005-1 [email protected] https://www.debian.org/lts/security/ Stefano Rivera May 13, 2022 https://wiki.debian.org/LTS Package : lrzip Version : 0.631-1+deb9u3 CVE ID : CVE-2022-28044 lrzip, a compression program, was found to have a heap memory corruption bug. Fo...

CVSS 9.8 | AI score 7.2 | EPSS 0.01842
Exploits: 1
Cent OS
added 2022/05/13 5:32 p.m. | 487 views

minizip, zlib security update

CentOS Errata and Security Advisory CESA-2022:2213 An update for zlib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 7.5 | AI score 6.7 | EPSS 0.51733
Exploits: 1 | References: 7
Tenable Nessus
added 2022/05/12 12:0 a.m. | 38 views

RHEL 8 : rsync (RHSA-2022:2201)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2201 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...

CVSS 7.5 | AI score 7 | EPSS 0.51733
Exploits: 1 | References: 4
RedHat Linux
added 2022/05/11 8:29 p.m. | 115 views

Important: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.7 | EPSS 0.51733
Exploits: 1 | References: 2
RedHat Linux
added 2022/05/11 8:29 p.m. | 5 views

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

CVSS 7.5 | AI score 6.9 | EPSS 0.51733
Exploits: 1 | References: 4
RedHat Linux
added 2022/05/11 6:57 p.m. | 5 views

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

CVSS 7.5 | AI score 6.9 | EPSS 0.51733
Exploits: 1 | References: 4
RedHat Linux
added 2022/05/11 6:38 p.m. | 1 views

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

CVSS 7.5 | AI score 6.9 | EPSS 0.51733
Exploits: 1 | References: 4
RedHat Linux
added 2022/05/11 6:38 p.m. | 57 views

Important: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 6.7 | EPSS 0.51733
Exploits: 1 | References: 2
RedHat Linux
added 2022/05/11 6:38 p.m. | 3 views

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

CVSS 7.5 | AI score 6.9 | EPSS 0.51733
Exploits: 1 | References: 4
RedHat Linux
added 2022/05/11 5:27 p.m. | 3 views

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

CVSS 7.5 | AI score 6.9 | EPSS 0.51733
Exploits: 1 | References: 4
RedHat Linux
added 2022/05/11 5:21 p.m. | 65 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 6.7 | EPSS 0.51733
Exploits: 1 | References: 2
RedHat Linux
added 2022/05/11 5:21 p.m. | 4 views

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

CVSS 7.5 | AI score 6.9 | EPSS 0.51733
Exploits: 1 | References: 4
Rockylinux
added 2022/05/11 1:23 p.m. | 30 views

rsync security update

An update is available for rsync. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rsync utility enables the users to copy and synchronize files locally or...

CVSS 7.5 | AI score 1.8 | EPSS 0.51733
Exploits: 1
OpenVAS
added 2022/05/08 12:0 a.m. | 9 views

Fedora: Security Advisory for wavpack (FEDORA-2022-7df99d9f80)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.5 | AI score 5.5 | EPSS 0.01155
Exploits: 1 | References: 2
OpenVAS
added 2022/05/08 12:0 a.m. | 22 views

Debian: Security Advisory (DLA-2993-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.51733
Exploits: 1 | References: 4
Fedora
added 2022/05/07 4:53 a.m. | 28 views

[SECURITY] Fedora 36 Update: wavpack-5.4.0-5.fc36

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...

CVSS 5.5 | AI score 2.4 | EPSS 0.01155
Exploits: 1
RedHat Linux
added 2022/05/03 7:11 a.m. | 44 views

Important: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 8.8 | AI score 6.7 | EPSS 0.04301
Exploits: 0 | References: 2