Lucene search
K

230 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.4 views

netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted LZ4 compressed data stream. This can cause the Lz4FrameDecoder to allocate a large amount of memory up to 32 MB per block before...

7.5CVSS5.9AI score0.00429EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.6 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.1AI score0.00671EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 4:16 p.m.12 views

CVE-2026-24264

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00774EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:11 p.m.7 views

CVE-2026-24264

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS5.8AI score0.00774EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/01 3:11 p.m.15 views

CVE-2026-24264

CVE-2026-24264 affects NVIDIA Triton Inference Server for Linux. The security bulletin documents that an attacker can cause improper handling of highly compressed data, with the impact being denial of service . The vulnerability is addressed by updating to Triton Server r26.04 or later . Affected...

7.5CVSS5.8AI score0.00774EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/01 3:11 p.m.40 views

CVE-2026-24264

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00774EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/29 5:18 a.m.8 views

Multiple vulnerabilities in Fluentd

Overview Fluentd provided by Fluentd Project contains multiple vulnerabilities listed below. Path traversal in $tag Placeholder CWE-22 - CVE-2026-44024 Missing authentication for critical function in Monitor Agent API CWE-306 - CVE-2026-44025 Improper handling of highly compressed data in inhttp...

9.8CVSS6AI score0.01107EPSS
Exploits0References17
EUVD
EUVD
added 2026/06/29 1:30 a.m.9 views

EUVD-2026-40020

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/26 4:35 p.m.6 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the inhttp and inforward plugins when decompressing gzip-compressed data. An attacker can cause excessive memory consumption by sending a highly compressed payload that...

8.7CVSS5.8AI score0.0063EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/22 8:56 p.m.8 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.13 views

Ultimate Sitemap Parser (USP): Gzip Decompression Bomb Bypasses Sitemap Size Limit

Gzip Decompression Bomb Bypasses Sitemap Size Limit Summary ultimate-sitemap-parser enforces a 100 MiB size limit on sitemap responses, but applies it only to the compressed bytes received over the network. When a .gz sitemap is fetched, usp/helpers.py:239 calls gziplib.decompressdata with no...

5.8AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/15 9:55 p.m.8 views

EUVD-2026-37014

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

8.7CVSS5.4AI score0.00348EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/15 8:9 p.m.8 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification during cleanup. An attacker can exhaust system memory by sending a specially crafted compressed payload that is decompressed into memory in a single chunk. Remediation Upgra...

8.7CVSS5.3AI score0.00279EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 1:13 a.m.8 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the REDIRECT binding. An attacker can exhaust system...

8.7CVSS5.3AI score0.00331EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:20 p.m.6 views

CVE-2026-49755

Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...

8.2CVSS5.5AI score0.00438EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/29 7:18 p.m.8 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Batch.Decompress function. An attacker can cause excessive memory allocation on the receiving node by sending a specially crafted compressed P2P gossip payload,...

8.7CVSS5.8AI score0.0038EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in busybox

The decompressgunzip.c file in BusyBox contains an issue where version 1.32.1 improperly handles the error bit associated with the huftbuild result pointer. This results in an invalid free operation or segmentation fault due to malformed gzip data...

7.5CVSS6.8AI score0.02719EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 7:17 p.m.8 views

CVE-2026-43970

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

8.2CVSS0.00511EPSS
Exploits0References3
Redos
Redos
added 2026/05/06 12:0 a.m.9 views

ROS-20260506-73-0045

Vulnerability in erlang related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

6.9CVSS7.2AI score0.00644EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.5 views

RHCOS 4 : OpenShift Container Platform 4.13.41 (RHSA-2024:2049)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2049 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 - buildah: full container escape ...

8.6CVSS7AI score0.91969EPSS
Exploits1References8
Rows per page
Query Builder