CVE-2026-43970

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

ROS-20260506-73-0045

Vulnerability in erlang related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

RHCOS 4 : OpenShift Container Platform 4.13.41 (RHSA-2024:2049)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2049 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 - buildah: full container escape ...

Astra Linux - уязвимость в busybox

The decompressgunzip.c file in BusyBox contains an issue where version 1.32.1 improperly handles the error bit associated with the huftbuild result pointer. This results in an invalid free operation or segmentation fault due to malformed gzip data...

CLSA-2026-1777642326 ImageMagick: Fix of CVE-2026-24481

CVE-2026-24481: heap information disclosure in PSD format handler via uninitialized memory in ZIP-compressed layer data...

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

openSUSE 16 Security Update : python-Pillow (openSUSE-SU-2026:20617-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20617-1 advisory. This update for python-Pillow fixes the following issue: - CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed da...

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

Security Bulletin: High Resource Consumption Vulnerability in urllib3 Streaming API Due to Improper Handling of Highly Compressed Data (≤ v2.6.0) affects watsonx.data

Summary A vulnerability in the urllib3 Streaming API versions 1.0 through 2.6.0 allows highly compressed HTTP responses to be decompressed in a way that can consume excessive system resources. When processing compressed data e.g., gzip or brotli, the library may fully decompress a small input int...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the archive extraction process. An attacker can exhaust server memory by uploading specially crafted zip archives containing highly compressed entries. Remediation Upgrad...

openSUSE 16 Security Update : containerized-data-importer (openSUSE-SU-2026:20279-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20279-1 advisory. Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338:...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the ContentReader process when handling requests with Content-Encoding: gzip. An attacker can cause excessive resource consumption by sending a small compressed payload...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: resource-agents (UTSA-2026-005389)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005389 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview psd-tools is a Python package for working with Adobe Photoshop PSD files as described in specification. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the compression module. An attacker can cause application crashes...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function. An attacker can exhaust memory and CPU resources and cause a server crash by sending a specially crafted HTTP request containing highly compressed...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function. An attacker can exhaust memory and CPU resources and cause a server crash by sending a specially crafted HTTP request containing highly compressed...

PT-2026-21585

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description ImageMagick is software used for editing and manipulating digital images. A heap information disclosure exists in the PSD Adobe Photoshop format handler...

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...