Backup Copy or Replication job using WAN accelerators fails with "Source WAN accelerator error: Failed to decompress LZ4 block"
Challenge: A Backup Copy or Replication job that uses a WAN accelerator fails with any of the following errors: Error: Source WAN accelerator error: Failed to decompress LZ4 block: Bad crc Error: Source WAN accelerator error: Failed to decompress LZ4 block: Incorrect decompression result or length...
Lizard Denial of Service Vulnerability
Lizard (formerly known as LZ5) is a lossless compression software package. A security vulnerability exists in the 'LizarddecompressLIZv1' function of the lib/lizarddecompressliz.h file in Lizard version 1.0 and LZ5 version 2.0, which stems from the program's failure to correctly detect buffer size. A remo...
Libmobi Remote Code Execution Vulnerability
Libmobi is a C library for processing Kindle MOBI format e-book documents. A security vulnerability exists in the 'mobidecompresslz77' function of the compression.c file in Libmobi version 0.3. A remote attacker can exploit this vulnerability to execute code (heap-based buffer...
CVE-2018-11496
In Long Range Zip aka lrzip 0.631, there is a use-after-free in readstream in stream.c, because decompressfile in lrzip.c lacks certain size validation...
PYSEC-2018-126
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call...
UBUNTU-CVE-2018-10685
In Long Range Zip aka lrzip 0.631, there is a use-after-free in the lzmadecompressbuf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...
libxml Denial of Service Vulnerability
libxml2 is a C-based library for parsing XML documents, developed by the GNOME project team, which supports multiple encoding formats, XPath parsing, and well-formedness and validity validation. A security vulnerability exists in the 'xzdecomp' function of the xzlib.c file in libxml2 version 2.9.8. A remote...
UBUNTU-CVE-2018-8098
Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file...
dayucms v1.527 File Upload Vulnerability
DayuCMS is a free, open source, flexible and simple CMS system. A file upload vulnerability exists in dayucms v1.527: an attacker can upload a zip file containing a Trojan horse, which the system automatically decompresses, allowing the attacker to obtain a webshell...
Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer Overflow Vulnerability
Summary: A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. Tested Versions: Simple DirectMedia Layer...
[SECURITY] Fedora 27 Update: suricata-4.0.4-1.fc27
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
openSUSE Security Update : p7zip (openSUSE-2018-188)
This update for p7zip fixes the following security issues: - CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files bsc984650 - CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder bsc1077725 - CVE-2018-5996: Fixed memory corruption in RAR decompression...
SUSE SLED12 / SLES12 Security Update : p7zip (SUSE-SU-2018:0464-1)
This update for p7zip fixes the following issues: Security issues fixed: - CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files bsc984650 - CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder bsc1077725 - CVE-2018-5996: Fixed memory corruption in RAR...
SUSE-SU-2018:0464-1 Security update for p7zip
This update for p7zip fixes the following issues: Security issues fixed: - CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files bsc984650 - CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder bsc1077725 - CVE-2018-5996: Fixed memory corruption in RAR...
RDPY - Remote Desktop Protocol in Twisted Python
RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol, client and server side. RDPY is built over the event driven network engine Twisted. RDPY supports the standard RDP security layer, RDP over SSL and NLA authentication through the ntlmv2 authentication protocol. RDPY...
The vulnerability of the libarchive library, which exists due to a resource management error, allows a hacker to cause a service failure.
The vulnerability of the libarchive library exists due to a resource management flaw—the absence of limits on the number of archives that can be decompressed. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures by using a specially created gz...
[SECURITY] [DLA 1239-1] poco security update
Package : poco Version : 1.3.6p1-4+deb7u1 CVE ID : CVE-2017-1000472...
CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
Path traversal
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...