K000161631: libmspack vulnerability CVE-2018-18585

Security Advisory Description chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name. CVE-2018-18585 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

MiracleLinux 7 : libmspack-0.5-0.6.alpha.el7 (AXSA:2018-3385:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3385:01 advisory. libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks CVE-2018-14679 libmspack: off-by-one error in the CHM chunk number...

Astra Linux – Vulnerability in ruby-webrick

Ruby WEBrick’s readheaders method exposes a vulnerability related to HTTP request smuggling. This vulnerability allows remote attackers to inject arbitrary HTTP requests into affected installations of Ruby WEBrick. This issue becomes exploitable when the product is deployed behind an HTTP proxy...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the readheaders process. An attacker can manipulate server-visible metadata, logging, and authorization decisions by injecting specially crafted HTTP headers that are processed before internal server headers,...

The vulnerability of the read_headers() function in the cpp-httplib library allows a hacker to cause a service failure.

The vulnerability of the readheaders function in the cpp-httplib library is related to an uncontrolled resource consumption during the processing of headers. Exploiting this vulnerability could allow a malicious actor to cause service failures...

HTTP Request Smuggling

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling via the readheaders method. An attacker can exploit inconsistent parsing of HTTP header...

CVE-2025-6442

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

AZL-64352 CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

Webrick 环境问题漏洞

Webrick is an HTTP server toolkit open-sourced by The Ruby Programming Language. Webrick suffers from an environment issue vulnerability that stems from inconsistent parsing of HTTP header terminators by the readheaders method, which could lead to an HTTP request entrapment attack...

SUSE CVE-2025-6442

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

SUSE CVE-2018-14681

An issue was discovered in kwajdreadheaders in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite...

SUSE CVE-2019-1010305

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile libmspack/mspack/chmd.c. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit...

libmspack: buffer overflow in function chmd_read_headers()

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile libmspack/mspack/chmd.c. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit...

Libmspack Buffer Overflow Vulnerability (CNVD-2019-23044)

Libmspack is a library that can compress and decompress files in CAB, CHM and HLP formats. A buffer overflow vulnerability exists in the 'chmdreadheaders' function in Libmspack version 0.9.1alpha. The vulnerability stems from a networked system or product performing operations in memory without...

UBUNTU-CVE-2019-1010305

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile libmspack/mspack/chmd.c. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit...

PT-2019-4926

Name of the Vulnerable Software and Affected Versions libmspack version 0.9.1alpha Description The issue is caused by a buffer overflow in the chmd read headers function in the libmspack library, which can allow a remote attacker to disclose protected information using a specially crafted chm fil...

libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c

An issue was discovered in kwajdreadheaders in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite...

DEBIAN-CVE-2018-18585

chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...

libmspack Buffer Overflow Vulnerability

Libmspack is a library that can compress and decompress files in CAB, CHM and HLP formats. A security vulnerability exists in the 'chmdreadheaders' function in the mspack/chmd.c file in versions of Libmspack prior to 0.8alpha. No details of the vulnerability are provided at this time...

ALPINE-CVE-2018-14681

An issue was discovered in kwajdreadheaders in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite...