Lucene search
K

110 matches found

OSV
OSV
added 2024/03/09 1:15 a.m.6 views

AZL-35845 CVE-2024-28180 affecting package kubernetes for versions less than 1.28.4-12

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.4AI score0.01956EPSS
Exploits0References1
OSV
OSV
added 2024/03/09 1:15 a.m.4 views

AZL-35842 CVE-2024-28180 affecting package influxdb for versions less than 2.6.1-20

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.4AI score0.01956EPSS
Exploits0References1
OSV
OSV
added 2024/03/09 1:15 a.m.1 views

UBUNTU-CVE-2024-28180

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.5AI score0.01956EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2024/03/09 12:54 a.m.36 views

CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.5AI score0.01956EPSS
Exploits0References13
OSV
OSV
added 2024/03/08 3:6 p.m.25 views

GHSA-HJ3V-M684-V259 JWX vulnerable to a denial of service attack using compressed JWE message

Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory...

6.8CVSS7.4AI score0.0057EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2024/03/01 2:15 p.m.33 views

CVE-2023-52497

In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...

6.1CVSS6.3AI score0.00278EPSS
Exploits0References27
Positive Technologies
Positive Technologies
added 2024/02/03 12:0 a.m.3 views

PT-2024-40047 · Ckb · Ckb

Name of the Vulnerable Software and Affected Versions: CKB affected versions not specified Description: An issue allows an adversary to create a message with a compressed size less than the package limit, but with a very large decompressed length, such as 1G. This can cause a node to consume a...

7.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/09/14 9:51 a.m.7 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS7.4AI score0.05651EPSS
Exploits0References5
Prion
Prion
added 2023/04/06 5:15 a.m.16 views

Out-of-bounds

DISPUTED An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occ...

4.3CVSS6.4AI score0.008EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.47 views

CBL Mariner 2.0 Security Update: busybox (CVE-2021-42374)

The version of busybox installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-42374 advisory. - An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when...

5.3CVSS6.9AI score0.00579EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/11/16 3:9 p.m.4 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS7.4AI score0.05651EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/06 12:26 p.m.1 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS7.4AI score0.05651EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/04 4:46 a.m.3 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS7.4AI score0.05651EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/13 12:34 p.m.3 views

envoy: Decompressors can be zip bombed

A flaw was found in Envoy. A specifically constructed HTTP body delivered by an untrusted downstream or upstream peer whose decompressed size is dramatically larger than the compressed size can be sent by an attacker to cause a denial of service...

7.5CVSS5.7AI score0.0144EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/06/13 11:57 a.m.4 views

envoy: Decompressors can be zip bombed

A flaw was found in Envoy. A specifically constructed HTTP body delivered by an untrusted downstream or upstream peer whose decompressed size is dramatically larger than the compressed size can be sent by an attacker to cause a denial of service...

7.5CVSS5.7AI score0.0144EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/06/06 4:0 p.m.6 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS7.4AI score0.05651EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/06 3:11 p.m.6 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS7.4AI score0.05651EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 4:49 a.m.22 views

Plone Denial of Service vulnerability via decompressing large zip archives

1 cbdecode.py and 2 linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service resource consumption via a large zip archive, which is expanded decompressed...

3.5CVSS6.1AI score0.01076EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:5 a.m.38 views

Pillow denial of service via PNG bomb

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed...

5CVSS6.6AI score0.05426EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2022/04/26 7:15 p.m.17 views

Path traversal

A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’...

6.8CVSS8.6AI score0.0146EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder