86 matches found
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: gzip: gzip-1.14-2.2.hum1 aarch64, x8664 gzip-1.14-2.2.hum1.src src Security Fixes: gzip: CVE-2026-41911 CVE-2026-41991...
CVE-2026-41992
GNU gzip is affected by a global buffer overflow in the LZH decompression logic caused by reusing a shared global state across LZ77/LZW/LZH within a single run. The vulnerability arises from a global array not reinitialized between files, enabling an attacker to deplete or poison the shared state...
PT-2026-53256
Name of the Vulnerable Software and Affected Versions GNU gzip affected versions not specified Description An issue exists in the LZH decompression logic where shared global state is improperly reused between different decompression formats during a single execution. The software maintains a glob...
MiracleLinux 9 : gzip-1.10-9.el9 (AXSA:2022-3914:03)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3914:03 advisory. gzip: arbitrary-file-write vulnerability CVE-2022-1271 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 7 : gzip-1.5-11.el7 (AXSA:2022-3181:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3181:02 advisory. gzip: arbitrary-file-write vulnerability CVE-2022-1271 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 3 : gzip-1.3.5-11.1.1.AXS3 (AXSA:2010-76:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-76:01 advisory. The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Security bugs fixed with this release: CVE-2010-00...
EUVD-2005-1231
Malware in sbrugna...
EUVD-2006-4323
Malware in sbrugna...
EUVD-2006-4322
Malware in sbrugna...
EUVD-2019-10462
Malware in sbrugna...
EUVD-2005-0989
Malware in sbrugna...
EUVD-2009-2619
Malware in sbrugna...
EUVD-2006-4326
Malware in sbrugna...
EUVD-2006-4324
Malware in sbrugna...
jetty-server: Jetty: Gzip Request Body Buffer Corruption
A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...
USN-7630-1 resteasy, resteasy3.0 vulnerabilities
It was discovered that RESTEasy made insufficient use of random values in asynchronous jobs. An attacker could possibly use this issue to steal user data. This issue only affected Ubuntu 16.04 LTS. CVE-2016-6345 It was discovered that RESTEasy enabled a vulnerable GZIP decompression module by...
CVE-2024-13009
CVE-2024-13009 (Jetty) affects Jetty 9.4.0–9.4.56 where a gzip error during inflating a request body can cause a buffer to be released incorrectly, potentially corrupting or sharing data between requests. Public IBM bulletins tie this CVE to IBM QRadar SIEM, IBM Storage Scale, and Tivoli Netcool/...
CVE-2025-0725 gzip integer overflow
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...
CVE-2025-0725
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...
USN-6335-1 busybox vulnerabilities
It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary...