40 matches found
CVE-2026-53430
CVE-2026-53430 describes a DoS in elixir-grpc GRPC.Compressor.Gzip.decompress/1 where :zlib.gunzip/1 is called directly on attacker-controlled input without a decompressed-size limit, enabling a gzip decompression bomb. The registered gzip GRPC.Compressor runs automatically for frames with grpc-e...
CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...
NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
Impact When NIOHTTPRequestDecompressor is configured with .ratio(N), the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
PT-2026-48924
Impact When NIOHTTPRequestDecompressor is configured with .ratio(N), the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
When NIOHTTPRequestDecompressor is configured with .ratio(N), the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can supply an...
CVE-2026-5438
CVE-2026-5438 describes a gzip decompression bomb vulnerability in Orthanc when processing HTTP requests with Content-Encoding: gzip. The server does not enforce decompressed size limits and may allocate memory based on attacker-controlled compression metadata, potentially leading to memory exhau...
curl: Unbounded GZIP Decompression Leading to Event-Loop Starvation
When libcurl is configured to decompress HTTP responses via CURLOPT_ACCEPTENCODING or the --compressed CLI flag, it lacks decompression bounds checking or a mechanism to yield execution during massive expansion tasks. If an attacker provides a highly compressed payload (zip bomb), libcurl's underlyi...
EUVD-2021-2346
Malware in sbrugna...
EUVD-2018-7208
Malware in sbrugna...
EUVD-2025-6985
Malicious code in bioql PyPI...
SUSE CVE-2024-12886
An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
GHSA-V464-R2R9-WWW7 Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the makeRequestWithRetry and getAuthorizationToken functions. An attacker can cause the server to crash by sending a specially crafted gzip bomb HTTP response. Details Denial of Service (DoS) describes a family o...
Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886
An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886 Out-Of-Memory (OOM) Vulnerability in ollama/ollama
An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886
CVE-2024-12886 affects ollama/ollama up to version 0.3.14 with an Out-Of-Memory (OOM) DoS when a gzip bomb is processed. The root cause is reading the response body via io.ReadAll in makeRequestWithRetry and getAuthorizationToken, leading to excessive memory usage and crash. Multiple sources (NVD...
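The two root causes in this listing are the same bug seen from two sides: the ollama entries read a gzip response body with io.ReadAll and no bound, and the NIOExtras entries bound decompression by a ratio computed from the peer-declared Content-Length instead of from compressed bytes actually received. The Go program below is an added example written for this page; it is not code from ollama, swift-nio-extras, or any other project named here. NaiveGunzip is the unbounded pattern, BoundedGunzip enforces an absolute cap plus a ratio measured against bytes pulled from the stream by a counting reader, and GunzipTrustingContentLength is a model of the bypassed check whose cap is derived from a hypothetical declaredLen. The names countingReader, Limits, MakeGzip and Incompressible, and the in-memory 16 MiB zero-run bomb, are all constructed for the example.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrDecompressionLimit: output exceeded the absolute cap or the expansion ratio.
var ErrDecompressionLimit = errors.New("decompression limit exceeded")

// countingReader (hypothetical name) counts compressed bytes actually pulled
// from the stream, independent of any Content-Length the peer declared.
type countingReader struct {
	r io.Reader
	n int64
}

func (c *countingReader) Read(p []byte) (int, error) {
	n, err := c.r.Read(p)
	c.n += int64(n)
	return n, err
}

// Limits for BoundedGunzip. MaxRatio of 0 disables the ratio check.
type Limits struct {
	MaxBytes int64 // absolute cap on decompressed output
	MaxRatio int64 // max decompressed bytes per compressed byte consumed
}

// NaiveGunzip is the vulnerable pattern: io.ReadAll over a gzip reader
// expands the whole stream into memory with no bound at all.
func NaiveGunzip(r io.Reader) ([]byte, error) {
	zr, err := gzip.NewReader(r)
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

// BoundedGunzip decompresses in 32 KiB steps and aborts before the output
// would exceed MaxBytes, or MaxRatio times the compressed bytes consumed so
// far. gzip.Reader buffers input in 4 KiB reads, so the consumed count runs a
// little ahead of what was decoded; that only makes the ratio check more
// lenient, and no request header can move it.
func BoundedGunzip(r io.Reader, lim Limits) ([]byte, error) {
	cr := &countingReader{r: r}
	zr, err := gzip.NewReader(cr)
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	var out bytes.Buffer
	buf := make([]byte, 32*1024)
	for {
		n, rerr := zr.Read(buf)
		total := int64(out.Len() + n)
		if total > lim.MaxBytes {
			return nil, ErrDecompressionLimit
		}
		if lim.MaxRatio > 0 && total > lim.MaxRatio*cr.n {
			return nil, ErrDecompressionLimit
		}
		out.Write(buf[:n])
		if rerr == io.EOF {
			return out.Bytes(), nil
		}
		if rerr != nil {
			return nil, rerr
		}
	}
}

// GunzipTrustingContentLength models the bypassed check: the cap is derived
// from the peer-declared length (hypothetical declaredLen), not from bytes
// actually received, so an inflated header lifts the cap.
func GunzipTrustingContentLength(r io.Reader, declaredLen, maxRatio int64) ([]byte, error) {
	return BoundedGunzip(r, Limits{MaxBytes: declaredLen * maxRatio})
}

// MakeGzip compresses plain at best compression; a run of zeros gives a
// constructed in-memory bomb of roughly 1000:1.
func MakeGzip(plain []byte) []byte {
	var b bytes.Buffer
	zw, _ := gzip.NewWriterLevel(&b, gzip.BestCompression)
	zw.Write(plain)
	zw.Close()
	return b.Bytes()
}

// Incompressible returns n bytes from a small LCG, standing in for a
// legitimate body whose ratio is close to 1:1.
func Incompressible(n int) []byte {
	out := make([]byte, n)
	x := uint32(0x9e3779b9)
	for i := range out {
		x = x*1664525 + 1013904223
		out[i] = byte(x >> 24)
	}
	return out
}

func main() {
	bomb := MakeGzip(bytes.Repeat([]byte{0}, 16<<20)) // 16 MiB of zeros
	lim := Limits{MaxBytes: 64 << 20, MaxRatio: 100}
	_, err := BoundedGunzip(bytes.NewReader(bomb), lim)
	fmt.Printf("bomb is %d bytes; bounded gunzip: %v\n", len(bomb), err)
	out, _ := GunzipTrustingContentLength(bytes.NewReader(bomb), 1<<30, 100)
	fmt.Printf("with declared Content-Length of 1 GiB: expanded %d bytes\n", len(out))
}
```

The absolute cap is what stops the ollama-style crash regardless of ratio; the ratio measured on consumed bytes is what closes the NIOExtras-style bypass, because the attacker no longer controls the denominator. Callers should pick MaxBytes from what the endpoint genuinely needs rather than from the peer's declared size.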
Ollama resource management error vulnerability
Ollama is an open-source tool for starting and running large language models locally. A resource management error vulnerability exists in Ollama version 0.3.14 that stems from not properly handling gzip bomb responses, which could lead to memory exhaustion and denial of service attack...