Denial Of Service (DoS)

Bugsink is vulnerable to Denial Of Service DoS. The vulnerability is due to inefficient handling of Brotli-compressed data during decompression, which allows an attacker to send crafted payloads that consume excessive CPU resources and disrupt service availability...

Denial Of Service (DoS)

Bugsink is vulnerable to Denial of Service DoS. The vulnerability is due to decompression of highly compressed Brotli data before enforcing limits, which allows an attacker to send crafted payloads that exhaust memory and crash the server...

Denial Of Service (DoS)

urllib3 is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to an unbounded decompression chain, where nested compression layers are not limited, allowing a malicious server to send specially crafted responses that trigger excessive CPU usage and large memory allocation during...

Denial Of Service (DoS)

Scrapy and brotli is vulnerable to Denial Of Service DoS. The vulnerability is due to inadequate protection against brotli decompression bombs, which allows an attacker to send highly compressed data that expands excessively in memory and crashes the client...

Information Disclosure

Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed compressed data in decompression routines, which allows an attacker to craft input that leaks previous buffer contents and expose sensitive data...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

Summary Incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of...

SUSE CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

SUSE CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

PT-2025-51030

Name of the Vulnerable Software and Affected Versions Aircompressor versions 3.3 and below Description Aircompressor is a Java library providing ports of Snappy, LZO, LZ4, and Zstandard compression algorithms. Incorrect handling of malformed data in the Java-based decompressor implementations for...

Aircompressor 安全漏洞

Aircompressor is an airlift open source library that ports the Snappy, LZO, LZ4 and Zstandard compression algorithms to Java. Aircompressor 3.3 and earlier versions contain a security vulnerability that stems from improper handling of malformed data by the Snappy and LZ4 decompressors, which coul...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : urllib3 vulnerabilities (USN-7927-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7927-1 advisory. Illia Volochii discovered that urllib3 did not limit the steps in a decompression chain. An attacker could possib...

Ubuntu: Security Advisory (USN-7927-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

resolv: Denial of Service in resolv gem

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...

USN-7927-1: urllib3 vulnerabilities

Illia Volochii discovered that urllib3 did not limit the steps in a decompression chain. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. CVE-2025-66418 Rui Xi discovered that urllib3 incorrectly handled highly compressed data. An...

USN-7927-1 python-urllib3 vulnerabilities

Illia Volochii discovered that urllib3 did not limit the steps in a decompression chain. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. CVE-2025-66418 Rui Xi discovered that urllib3 incorrectly handled highly compressed data. An...

Fedora 43 : brotli / perl-Alien-Brotli / python-urllib3 (2025-d93200cf16)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-d93200cf16 advisory. Update brotli to 1.2.0 and python-urllib3 to 2.6.1. In python-urllib3: - Fixed a security issue where streaming API could improperly handle highly...

urllib3 allows an unbounded number of links in the decompression chain

...

CVE-2025-66324

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity...