125 matches found
Gzip Memory Bomb Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' require 'stringio' class MetasploitModule 'Gzip Memory Bomb Denial Of Service', 'Description' = %q This module generates and hosts a 10MB single-round gzi...
CVE-2024-36129 OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue...
GHSA-C74F-6MFW-MM4V Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption...
SUSE CVE-2023-35964
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
SUSE CVE-2023-35960
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy...
SUSE CVE-2023-35961
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
DEBIAN-CVE-2023-35963
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
DEBIAN-CVE-2023-35961
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
UBUNTU-CVE-2023-35961
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
CVE-2023-35959
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns .ghw...
PT-2024-12533 · Gtkwave · Gtkwave
Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a...
CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
CVE-2023-42526
Summary: CVE-2023-42526 describes a vulnerability in several WithSecure products where decompression of crafted data files can remotely crash the scanning engine. Affected products include WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithS...
UBUNTU-CVE-2020-22916
DISPUTED An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is ofte...
PT-2023-11638 · Xz +2 · Xz +2
Name of the Vulnerable Software and Affected Versions: XZ version 5.2.5 Description: An issue in XZ allows attackers to cause a denial of service via decompression of a crafted file. The vendor disputes the claims of "endless output" and "denial of service" because decompression of a 17,486 bytes...
GHSA-773G-X274-8QMF SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...
The vulnerability of the WLAN HOST microprogramming system component in Qualcomm’s embedded chips allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the WLAN HOST microprogramming system component in Qualcomm’s embedded chips relates to the lack of checks for buffer length and reading beyond the memory boundary during frame decompression. Exploiting this vulnerability can allow a remote attacker to cause service failures ...
The vulnerability of the UnRAR decompression tool lies in the incorrect limitation of the path name for the restricted access directory, allowing a hacker to re-record any files.
The vulnerability of the UnRAR decompression tool is related to incorrect restrictions on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to re-record arbitrary files using a specially created archive...