13 matches found

RedHat Linux
added 2026/02/03 7:17 a.m. | 3 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it...

CVSS 8.9 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 6

Snyk
added 2025/12/12 11:0 p.m. | 1 view

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

CVSS 8.2 | AI score 6.7 | EPSS 0.00052
Exploits: 0 | References: 2

Snyk
added 2025/12/12 11:0 p.m. | 1 view

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

CVSS 8.2 | AI score 6 | EPSS 0.00052
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 6:1 a.m. | 1 view

CVE-2023-28638

Snappier is a high performance C# implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

CVSS 7 | AI score 7 | EPSS 0.00264
Exploits: 0 | References: 1

NVD
added 2022/09/15 10:15 p.m. | 7 views

CVE-2022-29240

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

CVSS 8.1 | EPSS 0.00501
Exploits: 0 | References: 3

Prion
added 2022/09/15 10:15 p.m. | 8 views

Authentication flaw

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

CVSS 5.1 | AI score 7.9 | EPSS 0.00501
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2020/05/10 11:27 p.m. | 28 views

Denial Of Service (DoS)

gd is vulnerable to denial of service (DoS). The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer...

CVSS 5.5 | AI score 5.4 | EPSS 0.00448
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2017/03/15 2:59 p.m. | 28 views

Out-of-bounds

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer...

CVSS 4.3 | AI score 6.9 | EPSS 0.00448
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2017/03/15 2:0 p.m. | 19 views

CVE-2016-6906

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer...

AI score 6.8 | EPSS 0.00448
Exploits: 0 | References: 5

AlpineLinux
added 2017/03/15 2:0 p.m. | 26 views

CVE-2016-6906

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer...

CVSS 5.5 | AI score 7 | EPSS 0.00448
Exploits: 0

CVE
added 2017/03/15 2:0 p.m. | 96 views

CVE-2016-6906

CVE-2016-6906 affects the GD Graphics Library (libgd) read_image_tga in gd_tga.c, vulnerable before 2.2.4 due to an out-of-bounds read in the TGA decompression buffer when processing crafted images. This can cause denial of service; potential for remote impact is indicated in related advisories, ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00448
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2017/03/15 2:0 p.m. | 27 views

CVE-2016-6906

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer...

CVSS 5.5 | AI score 7 | EPSS 0.00448
Exploits: 0

UbuntuCve
added 2016/12/31 12:0 a.m. | 29 views

CVE-2016-6906

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer...

CVSS 5.5 | AI score 6.9 | EPSS 0.00448
Exploits: 0 | References: 2