OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)

Summary The tar.bz2 installer path in src/agents/skills-install-download.ts used shell tar preflight/extract logic that did not share the same hardening guarantees as the centralized archive extractor. This allowed crafted .tar.bz2 archives to bypass special-entry blocking and extracted-size...

EUVD-2005-1533

Malware in sbrugna...

USN-3935-1 busybox vulnerabilities

Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14....

UBUNTU-CVE-2016-5399

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service out-of-bounds write or execute arbitrary code via a crafted bz2 archive...

CVE-2005-1530

Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service CPU consumption by infinite loop via a Bzip2 archive with a large 'Extra field length' value...

CVE-2005-1530

Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service CPU consumption by infinite loop via a Bzip2 archive with a large 'Extra field length' value...