230 matches found
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted LZ4 compressed data stream. This can cause the Lz4FrameDecoder to allocate a large amount of memory up to 32 MB per block before...
Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...
CVE-2026-24264
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-24264
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-24264
CVE-2026-24264 affects NVIDIA Triton Inference Server for Linux. The security bulletin documents that an attacker can cause improper handling of highly compressed data, with the impact being denial of service . The vulnerability is addressed by updating to Triton Server r26.04 or later . Affected...
CVE-2026-24264
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service...
Multiple vulnerabilities in Fluentd
Overview Fluentd provided by Fluentd Project contains multiple vulnerabilities listed below. Path traversal in $tag Placeholder CWE-22 - CVE-2026-44024 Missing authentication for critical function in Monitor Agent API CWE-306 - CVE-2026-44025 Improper handling of highly compressed data in inhttp...
EUVD-2026-40020
A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the inhttp and inforward plugins when decompressing gzip-compressed data. An attacker can cause excessive memory consumption by sending a highly compressed payload that...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
Ultimate Sitemap Parser (USP): Gzip Decompression Bomb Bypasses Sitemap Size Limit
Gzip Decompression Bomb Bypasses Sitemap Size Limit Summary ultimate-sitemap-parser enforces a 100 MiB size limit on sitemap responses, but applies it only to the compressed bytes received over the network. When a .gz sitemap is fetched, usp/helpers.py:239 calls gziplib.decompressdata with no...
EUVD-2026-37014
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification during cleanup. An attacker can exhaust system memory by sending a specially crafted compressed payload that is decompressed into memory in a single chunk. Remediation Upgra...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the REDIRECT binding. An attacker can exhaust system...
CVE-2026-49755
Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Batch.Decompress function. An attacker can cause excessive memory allocation on the receiving node by sending a specially crafted compressed P2P gossip payload,...
Astra Linux – Vulnerability in busybox
The decompressgunzip.c file in BusyBox contains an issue where version 1.32.1 improperly handles the error bit associated with the huftbuild result pointer. This results in an invalid free operation or segmentation fault due to malformed gzip data...
CVE-2026-43970
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
ROS-20260506-73-0045
Vulnerability in erlang related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
RHCOS 4 : OpenShift Container Platform 4.13.41 (RHSA-2024:2049)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2049 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 - buildah: full container escape ...