155 matches found
Improper Handling of Highly Compressed Data (Data Amplification)
Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the BrotliDecoder.decompress functio...
Security Bulletin: IBM Storage Ceph is vulnerable to Data Amplification in Go-Jose in Grafana (CVE-2024-28180)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-28180 Vulnerability Details CVEID:CVE-2024-28180 DESCRIPTION: Package jose aims to provide an implementation of the Javascript Object...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the scenario decoding process. An attacker can cause excessive resource consumption by submitting a specially crafted zip archive that decompresses to a very large size...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via a specially crafted wxapkg file. An attacker can cause resource consumption by sending specially crafted zip files that exploit the decompression process and convincing ...
GO-2025-3533 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter...
CVE-2024-54016
Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to the improper handling of highly compressed data. An attacker can cause the server to become unresponsive and exhaust system memory by uploading and repeatedly parsing...
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
CVE-2024-7765
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
CVE-2024-7765 Denial of Service in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
CVE-2024-7765 Denial of Service in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
CVE-2024-7765 Denial of Service in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
CVE-2024-7765
CVE-2024-7765 affects h2oai/h2o-3, version 3.46.0.2. The vulnerability arises from improper handling of highly compressed data during uploading and repeated parsing of large GZIP files, causing memory exhaustion and a surge of slow-running jobs that render the server unresponsive (DoS). Root caus...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation Upgrade org.apache.seata:seata-compressor-zstd to version...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation There is no fixed version for io.seata:seata-compressor-zstd...
GHSA-65VG-64G8-MWJR Apache Seata Vulnerable to Data Amplification
Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
Apache Seata Vulnerable to Data Amplification
Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2024-54016
Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2024-54016 compression bomb attack in Apache Seata Server
Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2024-54016
CVE-2024-54016 describes an Improper Handling of Highly Compressed Data (Data Amplification) affecting Apache Seata (incubating) up to version 2.2.0. The issue is reported across multiple feeds as a vulnerability that could enable performance degradation due to oversized compressed input, with re...