Lucene search
K

155 matches found

CVE
CVE
added 2025/03/20 8:59 a.m.63 views

CVE-2024-54016

CVE-2024-54016 describes an Improper Handling of Highly Compressed Data (Data Amplification) affecting Apache Seata (incubating) up to version 2.2.0. The issue is reported across multiple feeds as a vulnerability that could enable performance degradation due to oversized compressed input, with re...

4.3CVSS6.5AI score0.00567EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/03/20 12:0 a.m.15 views

H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS6.7AI score0.00719EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/12/18 4:35 p.m.10 views

GO-2024-3340 Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server

Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server...

6.5CVSS6.4AI score0.00416EPSS
Exploits0References3
OSV
OSV
added 2024/12/16 9:31 a.m.12 views

GHSA-V647-H8JJ-FW5R Mattermost Data Amplification vulnerability

Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, 9.5.x = 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...

6.5CVSS6.3AI score0.00416EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2024/04/11 7:0 a.m.2 views

Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

...

4.3CVSS6.5AI score0.01956EPSS
Exploits0
Cvelist
Cvelist
added 2024/03/09 12:54 a.m.22 views

CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS5.1AI score0.01956EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2024/03/09 12:54 a.m.37 views

CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.5AI score0.01956EPSS
Exploits0References13
Veracode
Veracode
added 2024/03/08 10:52 a.m.35 views

Data Amplification

github.com/go-jose/go-jose is vulnerable to Data Amplification. The vulnerability due to insufficient checks or controls in the handling of compressed data within the Decrypt or DecryptMulti functions. Specifically, when an attacker sends a JSON Web Encryption JWE containing compressed data, the...

4.3CVSS6.6AI score0.01956EPSS
Exploits0References14Affected Software3
Snyk
Snyk
added 2024/03/07 10:54 p.m.3 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification. An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU. Remediation There is ...

4.3CVSS6.3AI score0.01956EPSS
Exploits0References2
OSV
OSV
added 2024/03/07 10:54 p.m.31 views

GHSA-C5Q2-7R4C-MV6G Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size whichever is larger. Thanks to Enze...

4.3CVSS5.4AI score0.01956EPSS
Exploits0References15
Github Security Blog
Github Security Blog
added 2024/03/07 10:54 p.m.45 views

Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size whichever is larger. Thanks to Enze...

4.3CVSS4.5AI score0.01956EPSS
Exploits0References15Affected Software4
OSV
OSV
added 2024/03/06 11:2 a.m.26 views

BIT-PILLOW-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS7.5AI score0.01184EPSS
Exploits0References7
OSV
OSV
added 2023/12/15 11:6 a.m.3 views

OESA-2023-1923 python-pillow security update

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. Security Fixes: Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data...

7.5CVSS7AI score0.01184EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.27 views

Ubuntu 20.04 ESM : Pillow vulnerabilities (USN-5777-2)

The remote Ubuntu 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5777-2 advisory. USN-5777-1 fixed vulnerabilities in Pillow Python 3. This update provides the corresponding updates for Pillow Python 2 in Ubuntu 20.04 LTS. Tenable has...

9.1CVSS7.6AI score0.02811EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/06/13 12:0 a.m.24 views

EulerOS Virtualization 3.0.6.0 : python-pillow (EulerOS-SA-2023-2245)

According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198 Note that...

7.5CVSS6.7AI score0.01184EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/07 12:0 a.m.17 views

EulerOS Virtualization 2.11.0 : python-pillow (EulerOS-SA-2023-2101)

According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198 - Pillow...

7.5CVSS6.9AI score0.01184EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/06/07 12:0 a.m.16 views

EulerOS Virtualization 2.11.1 : python-pillow (EulerOS-SA-2023-2047)

According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198 - Pillow...

7.5CVSS6.9AI score0.01184EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/06/07 12:0 a.m.14 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2023-2101)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01184EPSS
Exploits0References2
Mageia
Mageia
added 2023/05/16 7:17 p.m.87 views

Updated python-pillow packages fix security vulnerability

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. CVE-2022-30595 Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198...

9.8CVSS7.5AI score0.01923EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.17 views

EulerOS Virtualization 2.10.1 : python-pillow (EulerOS-SA-2023-1897)

According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198 - Pillow...

7.5CVSS6.9AI score0.01184EPSS
Exploits0References3
Rows per page
Query Builder