Lucene search
K

155 matches found

Snyk
Snyk
added 2025/09/03 10:42 p.m.7 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the BrotliDecoder.decompress functio...

8.7CVSS7.2AI score0.00561EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:51 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Data Amplification in Go-Jose in Grafana (CVE-2024-28180)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-28180 Vulnerability Details CVEID:CVE-2024-28180 DESCRIPTION: Package jose aims to provide an implementation of the Javascript Object...

4.3CVSS6.6AI score0.01956EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/07/10 5:50 p.m.1 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the scenario decoding process. An attacker can cause excessive resource consumption by submitting a specially crafted zip archive that decompresses to a very large size...

9.8CVSS6.9AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/21 6:33 p.m.2 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via a specially crafted wxapkg file. An attacker can cause resource consumption by sending specially crafted zip files that exploit the decompression process and convincing ...

3.1CVSS6.8AI score0.0036EPSS
Exploits0References3
OSV
OSV
added 2025/03/26 5:24 p.m.8 views

GO-2025-3533 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter...

7.5CVSS6.7AI score0.00497EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/03/22 9:18 a.m.15 views

CVE-2024-54016

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

4.3CVSS6.8AI score0.00567EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to the improper handling of highly compressed data. An attacker can cause the server to become unresponsive and exhaust system memory by uploading and repeatedly parsing...

8.7CVSS6.9AI score0.00719EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.12 views

H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS6.7AI score0.00719EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2025/03/20 10:15 a.m.8 views

CVE-2024-7765

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS0.00719EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.7 views

CVE-2024-7765 Denial of Service in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS7.4AI score0.00719EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:8 a.m.10 views

CVE-2024-7765 Denial of Service in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS7AI score0.00719EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:8 a.m.12 views

CVE-2024-7765 Denial of Service in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS0.00719EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:8 a.m.59 views

CVE-2024-7765

CVE-2024-7765 affects h2oai/h2o-3, version 3.46.0.2. The vulnerability arises from improper handling of highly compressed data during uploading and repeated parsing of large GZIP files, causing memory exhaustion and a surge of slow-running jobs that render the server unresponsive (DoS). Root caus...

7.5CVSS6.8AI score0.00719EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2025/03/20 9:30 a.m.5 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation Upgrade org.apache.seata:seata-compressor-zstd to version...

5.3CVSS6.9AI score0.00567EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/20 9:30 a.m.4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation There is no fixed version for io.seata:seata-compressor-zstd...

5.3CVSS6.9AI score0.00567EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 9:30 a.m.46 views

GHSA-65VG-64G8-MWJR Apache Seata Vulnerable to Data Amplification

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

6.9CVSS7.1AI score0.00567EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/20 9:30 a.m.14 views

Apache Seata Vulnerable to Data Amplification

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

4.3CVSS6.8AI score0.00567EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/03/20 9:15 a.m.22 views

CVE-2024-54016

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

4.3CVSS0.00567EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 8:59 a.m.19 views

CVE-2024-54016 compression bomb attack in Apache Seata Server

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

4.3CVSS5.9AI score0.00567EPSS
Exploits0References4
CVE
CVE
added 2025/03/20 8:59 a.m.66 views

CVE-2024-54016

CVE-2024-54016 describes an Improper Handling of Highly Compressed Data (Data Amplification) affecting Apache Seata (incubating) up to version 2.2.0. The issue is reported across multiple feeds as a vulnerability that could enable performance degradation due to oversized compressed input, with re...

4.3CVSS6.5AI score0.00567EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder