Lucene search
K

27 matches found

Github Security Blog
Github Security Blog
added 2026/06/15 8:19 p.m.22 views

tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

5.4AI score0.00052EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/08 12:16 a.m.0 views

GHSA-FJRM-76X2-C4Q4 JWCrypto: JWE ZIP decompression bomb

Summary The fix for GHSA-j857-7rvv-vj97 in v1.5.6 is weak in that it does not allow to fully control the amount of plaintext the receiver is willing to deal with and provides just a weak upper bound. The patch limits input token size to 250KB but does not validate the decompressed output size. An...

5.3CVSS5.9AI score0.00294EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.20 views

Oracle Linux 7 : unzip (ELSA-2019-2159)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-2159 advisory. 6.0-20 - Fix CVE-2018-18384 Resolves: CVE-2018-18384 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

5.5CVSS6.1AI score0.02586EPSS
Exploits1References2
OSV
OSV
added 2023/02/23 8:15 p.m.0 views

UBUNTU-CVE-2022-3219

GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached, compressed down to just a few KB...

3.3CVSS5.8AI score0.0029EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/13 11:57 a.m.3 views

envoy: Decompressors can be zip bombed

A flaw was found in Envoy. A specifically constructed HTTP body delivered by an untrusted downstream or upstream peer whose decompressed size is dramatically larger than the compressed size can be sent by an attacker to cause a denial of service...

7.5CVSS5.7AI score0.0144EPSS
Exploits1References5
Veracode
Veracode
added 2021/06/22 10:3 p.m.29 views

Denial Of Service (DoS)

Info-ZIP is vulnerable to Denial Of Service DoS. It is possible due to a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

5.5CVSS3.3AI score0.02586EPSS
Exploits1References9Affected Software1
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.5 views

Info-ZIP UnZip 6.0 has a buffer overflow in list.c when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value because a buffer size is 10 and is supposed to be 12.

...

5.5CVSS5.7AI score0.02586EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.5 views

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

...

5CVSS6.4AI score0.11562EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.92 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : unzip Vulnerability (NS-SA-2019-0234)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has unzip packages installed that are affected by a vulnerability: - Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size...

5.5CVSS6.4AI score0.02586EPSS
Exploits1References2
Amazon
Amazon
added 2019/11/04 12:0 a.m.39 views

Low: unzip

Issue Overview: Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.CVE-2018-18384 Affected Packages: unzip Note: This advisory is...

5.5CVSS6.4AI score0.02586EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/10/15 12:0 a.m.36 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : unzip Vulnerability (NS-SA-2019-0192)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unzip packages installed that are affected by a vulnerability: - Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size...

5.5CVSS6.4AI score0.02586EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2018/10/25 10:50 a.m.23 views

CVE-2018-18384

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

5.5CVSS2.7AI score0.02586EPSS
Exploits1References2
OSV
OSV
added 2018/10/16 4:50 p.m.3 views

DEBIAN-CVE-2018-18384

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

5.5CVSS7.7AI score0.02586EPSS
Exploits1References1
OSV
OSV
added 2018/10/16 4:50 p.m.6 views

AZL-6942 CVE-2018-18384 affecting package unzip for versions less than 6.0-19

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

5.5CVSS6.6AI score0.02586EPSS
Exploits1References1
OSV
OSV
added 2018/10/16 4:50 p.m.5 views

AZL-35340 CVE-2018-18384 affecting package unzip for versions less than 6.0-20

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

5.5CVSS6.6AI score0.02586EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2018/10/16 4:50 p.m.27 views

CVE-2018-18384

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

5.5CVSS6.6AI score0.02586EPSS
Exploits1References2
Prion
Prion
added 2018/10/16 4:50 p.m.22 views

Buffer overflow

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

4.3CVSS5.7AI score0.02586EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2018/10/16 4:50 p.m.4 views

UBUNTU-CVE-2018-18384

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

5.5CVSS6.6AI score0.02586EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2018/10/16 3:0 p.m.48 views

CVE-2018-18384

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

5.5CVSS5.4AI score0.02586EPSS
Exploits1
Debian CVE
Debian CVE
added 2018/10/16 3:0 p.m.30 views

CVE-2018-18384

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12...

5.5CVSS6.2AI score0.02586EPSS
Exploits1
Rows per page
Query Builder