AZL-43807 CVE-2023-6992 affecting package teckit 2.5.9-4
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation deflate.c. The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression...
AZL-44754 CVE-2023-6992 affecting package fltk for versions less than 1.3.8-1
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation deflate.c. The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression...
AZL-43969 CVE-2023-6992 affecting package ogdi 4.1.0-9
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation deflate.c. The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression...
CVE-2023-6992 Memory corruption issues in Cloudflare zlib implementation
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation deflate.c. The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression...
Security Bulletin: Vulnerability in zlib affects OS Image for AIX Systems shipped with IBM Cloud Pak System [CVE-2018-25032]
Summary: Vulnerability in zlib affects OS Image for AIX Systems shipped with IBM Cloud Pak System. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote...
CLSA-2023-1699380056 rsync: Fix of 2 CVEs
CVE-2018-25032: fix a bug that can crash deflate on some input when using ZFIXED - CVE-2022-37434: fix zlib bug with a large gzip header extra field...
[SECURITY] Fedora 39 Update: python-urllib3-1.26.18-1.fc39
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: thread safety, connection pooling, client-side SSL/TLS...
Cisco Secure Web Appliance Content Encoding Filter Bypass (cisco-sa-wsa-bypass-vXvqwzsj)
According to its self-reported version, the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper...
GO-2023-1664 Denial of service via deflate compression bomb in github.com/crewjam/saml
Denial of service via deflate compression bomb in github.com/crewjam/saml...
Vulnerability discovered in Cisco Secure Web Appliance
A vulnerability has been discovered in Cisco Secure Web Appliance. The vulnerability is in how the scanning process handles the deflate, lzma and brotli content types. The deflate content type is not enabled by default; lzma and brotli are. A malicious party can exploit the vulnerabilities to pa...
The vulnerability of Cisco AsyncOS operating system’s scanning mechanism for Cisco Secure Web Appliances allows attackers to circumvent traffic blocking rules.
The vulnerability of the Cisco AsyncOS operating system’s scanning mechanism for the Cisco Secure Web Appliance is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent traffic blocking rules when encoding types such as deflate, lzma,...
PT-2023-4106 · Cisco · Cisco Secure Web Appliance +1
Name of the Vulnerable Software and Affected Versions: Cisco Secure Web Appliance versions affected versions not specified Description: The issue is related to a flaw in the scanning mechanism of Cisco AsyncOS for Cisco Secure Web Appliance, specifically concerning inadequate access control. This...
EulerOS Virtualization 2.10.0 : binutils (EulerOS-SA-2023-1915)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - zlib before 1.2.12 allows memory corruption when deflating, i.e., when compressing, if the input has many distant matches...
EulerOS Virtualization 2.9.0 : binutils (EulerOS-SA-2023-1654)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - zlib before 1.2.12 allows memory corruption when deflating, i.e., when compressing, if the input has many distant matches...
Security Bulletin: A Denial of Service Vulnerability in Zlib affects IBM SPSS Statistics (CVE-2018-25032)
Summary: There is a vulnerability in the Zlib version used by IBM SPSS Statistics. IBM SPSS Statistics has addressed the vulnerability. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By usin...
CVE-2023-28119
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...
GHSA-5MQJ-XC49-246P crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
Our use of flate.NewReader does not limit the size of the input. The user could pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possib...
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
Our use of flate.NewReader does not limit the size of the input. The user could pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possib...
Design/Logic Flaw
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...