155 matches found
CVE-2024-54016
CVE-2024-54016 describes an Improper Handling of Highly Compressed Data (Data Amplification) affecting Apache Seata (incubating) up to version 2.2.0. The issue is reported across multiple feeds as a vulnerability that could enable performance degradation due to oversized compressed input, with re...
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
GO-2024-3340 Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server...
GHSA-V647-H8JJ-FW5R Mattermost Data Amplification vulnerability
Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, 9.5.x = 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
...
CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
Data Amplification
github.com/go-jose/go-jose is vulnerable to Data Amplification. The vulnerability due to insufficient checks or controls in the handling of compressed data within the Decrypt or DecryptMulti functions. Specifically, when an attacker sends a JSON Web Encryption JWE containing compressed data, the...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification. An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU. Remediation There is ...
GHSA-C5Q2-7R4C-MV6G Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size whichever is larger. Thanks to Enze...
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size whichever is larger. Thanks to Enze...
BIT-PILLOW-2022-45198
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...
OESA-2023-1923 python-pillow security update
Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. Security Fixes: Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data...
Ubuntu 20.04 ESM : Pillow vulnerabilities (USN-5777-2)
The remote Ubuntu 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5777-2 advisory. USN-5777-1 fixed vulnerabilities in Pillow Python 3. This update provides the corresponding updates for Pillow Python 2 in Ubuntu 20.04 LTS. Tenable has...
EulerOS Virtualization 3.0.6.0 : python-pillow (EulerOS-SA-2023-2245)
According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198 Note that...
EulerOS Virtualization 2.11.0 : python-pillow (EulerOS-SA-2023-2101)
According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198 - Pillow...
EulerOS Virtualization 2.11.1 : python-pillow (EulerOS-SA-2023-2047)
According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198 - Pillow...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2023-2101)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-pillow packages fix security vulnerability
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. CVE-2022-30595 Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198...
EulerOS Virtualization 2.10.1 : python-pillow (EulerOS-SA-2023-1897)
According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198 - Pillow...