Lucene search
K

125 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.174 views

Gzip Memory Bomb Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' require 'stringio' class MetasploitModule 'Gzip Memory Bomb Denial Of Service', 'Description' = %q This module generates and hosts a 10MB single-round gzi...

7.4AI score
Exploits0
OSV
OSV
added 2024/06/05 5:26 p.m.17 views

CVE-2024-36129 OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue...

8.2CVSS6.6AI score0.00994EPSS
Exploits1References6
OSV
OSV
added 2024/06/05 4:56 p.m.42 views

GHSA-C74F-6MFW-MM4V Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS7.7AI score0.00994EPSS
Exploits1References7
GitLab Advisory Database
GitLab Advisory Database
added 2024/06/05 12:0 a.m.20 views

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption...

8.2CVSS8.1AI score0.00994EPSS
Exploits1References7Affected Software1
SUSE CVE
SUSE CVE
added 2024/01/10 2:41 a.m.3 views

SUSE CVE-2023-35964

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...

7.8CVSS8AI score0.01481EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2024/01/10 2:41 a.m.4 views

SUSE CVE-2023-35960

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy...

7.8CVSS8AI score0.01481EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2024/01/10 2:41 a.m.2 views

SUSE CVE-2023-35961

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...

7.8CVSS8AI score0.01493EPSS
Exploits1References3
OSV
OSV
added 2024/01/08 3:15 p.m.1 views

DEBIAN-CVE-2023-35963

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...

7.8CVSS7.7AI score0.01481EPSS
Exploits1References1
OSV
OSV
added 2024/01/08 3:15 p.m.1 views

DEBIAN-CVE-2023-35961

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...

7.8CVSS7.7AI score0.01493EPSS
Exploits1References1
OSV
OSV
added 2024/01/08 3:15 p.m.3 views

UBUNTU-CVE-2023-35961

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...

7.8CVSS5.9AI score0.01493EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/01/08 2:47 p.m.30 views

CVE-2023-35959

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns .ghw...

7.8CVSS8.2AI score0.01481EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.4 views

PT-2024-12533 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a...

7.8CVSS8.5AI score0.01493EPSS
Exploits82References133
Cvelist
Cvelist
added 2023/12/21 11:7 p.m.39 views

CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

5.9CVSS9.2AI score0.00634EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/12/21 11:7 p.m.12 views

CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

5.9CVSS7.8AI score0.00634EPSS
Exploits0References2
CVE
CVE
added 2023/09/18 12:0 a.m.45 views

CVE-2023-42526

Summary: CVE-2023-42526 describes a vulnerability in several WithSecure products where decompression of crafted data files can remotely crash the scanning engine. Affected products include WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithS...

7.5CVSS7.5AI score0.00515EPSS
Exploits0References1Affected Software4
OSV
OSV
added 2023/08/22 7:16 p.m.2 views

UBUNTU-CVE-2020-22916

DISPUTED An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is ofte...

5.5CVSS5.8AI score0.0024EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/22 12:0 a.m.6 views

PT-2023-11638 · Xz +2 · Xz +2

Name of the Vulnerable Software and Affected Versions: XZ version 5.2.5 Description: An issue in XZ allows attackers to cause a denial of service via decompression of a crafted file. The vendor disputes the claims of "endless output" and "denial of service" because decompression of a 17,486 bytes...

5.5CVSS6.8AI score0.0024EPSS
Exploits0References19
OSV
OSV
added 2023/06/07 4:5 p.m.16 views

GHSA-773G-X274-8QMF SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression

SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...

7.5CVSS7.5AI score0.00732EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/09/30 12:0 a.m.8 views

The vulnerability of the WLAN HOST microprogramming system component in Qualcomm’s embedded chips allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the WLAN HOST microprogramming system component in Qualcomm’s embedded chips relates to the lack of checks for buffer length and reading beyond the memory boundary during frame decompression. Exploiting this vulnerability can allow a remote attacker to cause service failures ...

7.8CVSS7.8AI score0.00461EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2022/05/17 12:0 a.m.7 views

The vulnerability of the UnRAR decompression tool lies in the incorrect limitation of the path name for the restricted access directory, allowing a hacker to re-record any files.

The vulnerability of the UnRAR decompression tool is related to incorrect restrictions on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to re-record arbitrary files using a specially created archive...

5CVSS7.7AI score0.98975EPSS
Exploits12References14Affected Software5
Rows per page
Query Builder