28 matches found
wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...
SUSE CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
ROS-20250825-01
Vulnerability of Srio archiving utility is related to errors in TAR file header verification. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
picklescan 数据伪造问题漏洞
picklescan is a security scanning program by the individual developer Matthieu Maitre. A data forgery issue vulnerability exists in versions of picklescan prior to 0.0.23, which stems from an inability to detect a malicious pickle file with a modified ZIP file header, which could lead to arbitrar...
BIT-GOLANG-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:1819)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1819 advisory. - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm...
SUSE CVE-2015-8920
The arreadheader function in archivereadsupportformatar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service out-of-bounds stack read via a crafted ar file...
SUSE CVE-2017-15996
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service excessive memory allocation or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper...
Amazon Linux 2 : golang (ALAS-2022-1811)
The version of golang installed on the remote host is prior to 1.16.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1811 advisory. An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with...
CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
DEBIAN-CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
CVE-2021-39293
CVE-2021-39293: In Go's archive/zip, a crafted ZIP header can cause a panic. Connected advisories show affected Go versions include: Go before 1.15.13 and 1.16.x before 1.16.5 (Astra Linux), and the initial entry references Go 1.16.8 and 1.17.1 as contexts. Several advisories note this as an inco...
SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:3292-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3292-1 advisory. - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cau...
CVE-2017-15996
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service excessive memory allocation or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper...
Buffer overflow
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service excessive memory allocation or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper...