Lucene search
K

49 matches found

RedhatCVE
RedhatCVE
added 3 days ago4 views

CVE-2026-59873

A flaw was found in node-tar, a tar archive manipulation library for Node.js. This vulnerability allows a remote attacker to craft a small gzip bomb, which, when processed, can lead to the exhaustion of disk space and CPU resources. This occurs because node-tar does not enforce strict limits on t...

9.2CVSS5.8AI score0.00358EPSS
Exploits1References6
CVE
CVE
added 4 days ago40 views

CVE-2026-44160

Fluentd CVE-2026-44160 affects in_http and in_forward plugins prior to 1.19.3, where gzip-compressed payloads were restricted only by body_size_limit and chunk_size_limit. Crafted compressed data can decompress in memory to an excessive size, causing DoS via memory exhaustion. The issue is fixed ...

7.5CVSS7.2AI score0.0063EPSS
Exploits0References4
NVD
NVD
added 4 days ago9 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS0.00358EPSS
Exploits1References3
Debian CVE
Debian CVE
added 4 days ago5 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS5.9AI score0.00358EPSS
Exploits1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42305

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS5.9AI score0.00358EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS5.9AI score0.00358EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56493

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.19 Description Insufficient enforcement of hard upper bounds on total decompressed data, entry counts, or decompression ratio within extraction and parsing paths, such as src/extract.ts, allows a crafted gzip bom...

9.2CVSS6.1AI score0.00358EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52645

Name of the Vulnerable Software and Affected Versions hauler versions prior to 2.0.1-1.1 Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. This...

7.5CVSS5.8AI score
Exploits0References6
Cvelist
Cvelist
added 2026/06/15 9:55 p.m.34 views

CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

8.7CVSS0.00348EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 9:55 p.m.9 views

CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

8.7CVSS5.4AI score0.00348EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 9:55 p.m.63 views

CVE-2026-53430

CVE-2026-53430 describes a DoS in elixir-grpc GRPC.Compressor.Gzip.decompress/1 where :zlib.gunzip/1 is called directly on attacker-controlled input without a decompressed-size limit, enabling a gzip decompression bomb. The registered gzip GRPC.Compressor runs automatically for frames with grpc-e...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/12 3:8 p.m.13 views

NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length

Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...

7.5CVSS7.4AI score0.01008EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48924

Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...

7.5CVSS7.3AI score0.01008EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.11 views

NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length

When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can supply an...

5.2AI score0.00042EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/09 2:44 p.m.24 views

CVE-2026-5438

CVE-2026-5438 describes a gzip decompression bomb vulnerability in Orthanc when processing HTTP requests with Content-Encoding: gzip. The server does not enforce decompressed size limits and may allocate memory based on attacker-controlled compression metadata, potentially leading to memory exhau...

7.5CVSS5.9AI score0.00484EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2026/03/27 6:1 p.m.11 views

curl: Unbounded GZIP Decompression Leading to Event-Loop Starvation

When libcurl is configured to decompress HTTP responses via CURLOPTACCEPTENCODING or the --compressed CLI flag, it lacks decompression bounds checking or a mechanism to yield execution during massive expansion tasks. If an attacker provides a highly compressed payload zip bomb, libcurl's underlyi...

6.3AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-7208

Malware in sbrugna...

7.8CVSS7.6AI score0.01344EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2346

Malware in sbrugna...

6.5CVSS6.4AI score0.00822EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-6985

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00672EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2025/03/22 2:27 p.m.3 views

SUSE CVE-2024-12886

An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...

7.5CVSS6.9AI score0.00672EPSS
Exploits2References4
Rows per page
Query Builder