CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to slow parsing in golang.org/x/net/proxy [CVE-2024-45338]

Summary IBM Watson Speech Services Cartridge is vulnerable to slow parsing in golang.org/x/net/proxy, due to non-linearly parsing of input with respect to its length CVE-2024-45338 . Golang is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...

EUVD-2024-3617

Malicious code in bioql PyPI...

Medium: soci-snapshotter

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: soci-snapshotter Note: This advisory is applicable to...

Medium: runfinch-finch

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 golang-jwt is a Go implementation of JSON Web Tokens. Unclear...

CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins (CVE-2024-45338)

The version of application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45338 advisory. - An attacker can craft an input t...

CVE-2024-45338

A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service...

SUSE CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54498 CVE-2024-45338 affecting package cert-manager for versions less than 1.11.2-17

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54422 CVE-2024-45338 affecting package telegraf for versions less than 1.31.0-4

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54464 CVE-2024-45338 affecting package sriov-network-device-plugin for versions less than 3.7.0-2

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54549 CVE-2024-45338 affecting package cf-cli for versions less than 8.4.0-23

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54562 CVE-2024-45338 affecting package keda for versions less than 2.4.0-25

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54483 CVE-2024-45338 affecting package podman 4.1.1-26

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54461 CVE-2024-45338 affecting package cri-tools for versions less than 1.32.0-1

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-66912 CVE-2024-45338 affecting package cni for versions less than 1.0.1-20

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54398 CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.12.0-2

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54500 CVE-2024-45338 affecting package kubernetes for versions less than 1.28.4-14

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54467 CVE-2024-45338 affecting package cni for versions less than 1.1.2-4

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...