Lucene search
K

23 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated...

7.5CVSS6AI score0.00215EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 9...

7.5CVSS6AI score0.00243EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 1:19 p.m.3 views

DEBIAN-CVE-2026-53433

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

7.5CVSS5.8AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 1:19 p.m.8 views

CVE-2026-53433

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

7.5CVSS0.00215EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 1:19 p.m.8 views

CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

7.5CVSS0.00243EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 1:19 p.m.8 views

UBUNTU-CVE-2026-53433

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

7.5CVSS5.7AI score0.00243EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 1:19 p.m.3 views

UBUNTU-CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/30 12:1 p.m.32 views

CVE-2026-53433 Denial of Service in fzf

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

5.7CVSS0.00215EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 12:1 p.m.10 views

EUVD-2026-40303

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

5.7CVSS5.7AI score0.00243EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 12:1 p.m.5 views

CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

5.6CVSS5.8AI score0.00243EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 12:1 p.m.7 views

EUVD-2026-40302

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

5.6CVSS5.8AI score0.00243EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 12:1 p.m.15 views

CVE-2026-53432

CVE-2026-53432 (fzf) affects the fzf project, specifically the FuzzyMatchV2 function. Affected scenario involves processing extremely long input lines (≈2,200,000 bytes) with a pattern length of 999 bytes, which causes an integer overflow and triggers a non-recoverable panic, terminating the proc...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/30 12:1 p.m.30 views

CVE-2026-53432 Integer Overflow in fzf

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

5.6CVSS0.00243EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 12:1 p.m.5 views

CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

7.5CVSS5.8AI score0.00243EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.6 views

SUSE CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS6.1AI score0.0022EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/07 7:31 p.m.6 views

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS5.8AI score0.0022EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/06 10:10 p.m.14 views

Zarf's symlink targets in archives are not validated against destination directory

Summary A path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package. What users should do Upgrade immediately to version...

8.2CVSS6.2AI score0.0022EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/06 5:16 p.m.5 views

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS0.0022EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/06 4:13 p.m.4 views

CVE-2026-29064 Zarf: Symlink targets in archives are not validated against destination directory

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS5.8AI score0.0022EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/06 4:13 p.m.34 views

CVE-2026-29064 Zarf: Symlink targets in archives are not validated against destination directory

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS0.0022EPSS
Exploits1References2
Rows per page
Query Builder