Lucene search
+L

8 matches found

RedhatCVE
RedhatCVE
added 2026/07/09 9:34 p.m.8 views

CVE-2026-59873

A flaw was found in node-tar, a tar archive manipulation library for Node.js. This vulnerability allows a remote attacker to craft a small gzip bomb, which, when processed, can lead to the exhaustion of disk space and CPU resources. This occurs because node-tar does not enforce strict limits on t...

9.2CVSS5.8AI score0.00358EPSS
Exploits1References6
OSV
OSV
added 2026/07/08 4:16 p.m.3 views

DEBIAN-CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 7:46 p.m.13 views

USN-8344-1 python-pip vulnerabilities

It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used with certificate verification disabled, subsequent requests to the same host would also skip verification regardless of the session's current settings. A remote attacker...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References4
NVD
NVD
added 2026/02/04 7:16 p.m.9 views

CVE-2026-25140

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

7.5CVSS0.00366EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/04 7:2 p.m.10 views

EUVD-2026-5381

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

7.5CVSS5.4AI score0.00366EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.10 views

apko 资源管理错误漏洞

Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.1 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the ExpandApk function not enforcing decompression restrictions, which could lead to resource exhaustion, build failures, or...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References3
Veracode
Veracode
added 2025/12/13 7:43 a.m.10 views

Denial Of Service (DoS)

Bugsink is vulnerable to Denial of Service DoS. The vulnerability is due to decompression of highly compressed Brotli data before enforcing limits, which allows an attacker to send crafted payloads that exhaust memory and crash the server...

7.5CVSS5.7AI score0.00457EPSS
Exploits0References9Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/02/16 9:18 p.m.10 views

Nomad Client Vulnerable to Decompression Bombs in Artifact Block

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that a job submitted with a maliciously compressed source a.k.a “Zip Bomb” in an artifact stanza can cause excessive disk resource consumption, crashing a Nomad client agent. This vulnerability, CVE-2023-0821, was...

6.5CVSS6.5AI score0.00795EPSS
Exploits0
Rows per page
Query Builder