6 matches found
CVE-2025-53633
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53633
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53633
CVE-2025-53633 affects Chall-Manager. The vulnerability arises when decoding a scenario (zip archive): the decoded content size is not checked, allowing potential zip-bomb decompression. Exploitation does not require authentication or authorization. A patch was implemented in commit 14042aa and s...
CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...