8 matches found
CVE-2026-59873
A flaw was found in node-tar, a tar archive manipulation library for Node.js. This vulnerability allows a remote attacker to craft a small gzip bomb, which, when processed, can lead to the exhaustion of disk space and CPU resources. This occurs because node-tar does not enforce strict limits on t...
DEBIAN-CVE-2026-59873
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...
USN-8344-1 python-pip vulnerabilities
It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used with certificate verification disabled, subsequent requests to the same host would also skip verification regardless of the session's current settings. A remote attacker...
CVE-2026-25140
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...
EUVD-2026-5381
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...
apko 资源管理错误漏洞
Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.1 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the ExpandApk function not enforcing decompression restrictions, which could lead to resource exhaustion, build failures, or...
Denial Of Service (DoS)
Bugsink is vulnerable to Denial of Service DoS. The vulnerability is due to decompression of highly compressed Brotli data before enforcing limits, which allows an attacker to send crafted payloads that exhaust memory and crash the server...
Nomad Client Vulnerable to Decompression Bombs in Artifact Block
Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that a job submitted with a maliciously compressed source a.k.a “Zip Bomb” in an artifact stanza can cause excessive disk resource consumption, crashing a Nomad client agent. This vulnerability, CVE-2023-0821, was...