
3256 matches found

Tenable Nessus
added 2025/12/09 12:00 a.m., 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: brotli (UTSA-2025-991041)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991041 advisory. Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism...

CVSS 7.5, AI score 7.2, EPSS 0.00476
Exploits 0, References 4
NVD
added 2025/12/08 8:15 a.m., 6 views

CVE-2025-66324

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity...

CVSS 8.4, EPSS 0.00076
Exploits 0, References 1
OSV
added 2025/12/08 8:15 a.m., 3 views

CVE-2025-66324

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity...

CVSS 5.5, AI score 5.8, EPSS 0.00076
Exploits 0, References 1
Cvelist
added 2025/12/08 8:07 a.m., 21 views

CVE-2025-66324

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity...

CVSS 8.4, EPSS 0.00076
Exploits 0, References 1
Vulnrichment
added 2025/12/08 8:07 a.m., 2 views

CVE-2025-66324

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity...

CVSS 8.4, AI score 6.4, EPSS 0.00076
Exploits 0, References 1
EUVD
added 2025/12/08 8:07 a.m., 4 views

EUVD-2025-201679

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity...

CVSS 8.4, AI score 6.3, EPSS 0.00076
Exploits 0, References 3
CVE
added 2025/12/08 8:07 a.m., 10 views

CVE-2025-66324

The CVE-2025-66324 entry concerns Huawei HarmonyOS with an input verification flaw in the compression/decompression module. The root cause is improper input validation. Impact is on app data integrity; CVSS/metrics in the sources indicate high integrity/overall risk, though explicit affected vers...

CVSS 8.4, AI score 6.4, EPSS 0.00076
Exploits 0, References 1, Affected Software 1
Hacker One
added 2025/12/08 1:21 a.m., 10 views

Node.js: Unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

A vulnerability was discovered in the Fetch API of Node.js that allowed an unbounded number of links in the decompression chain for HTTP responses. This could lead to resource exhaustion, as the default maxHeaderSize allowed a malicious server to insert thousands of compression steps, resulting i...

AI score 5.6
Exploits 0
Positive Technologies
added 2025/12/08 12:00 a.m., 5 views

PT-2025-49521

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: An input verification issue exists in the compression and decompression module. Successful exploitation could impact app data integrity. Recommendations: At the moment, there is no information about a...

CVSS 8.4, AI score 6.3, EPSS 0.00076
Exploits 0, References 6
Tenable Nessus
added 2025/12/08 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-66418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was...

CVSS 8.9, AI score 6.8, EPSS 0.00622
Exploits 0, References 2
RedhatCVE
added 2025/12/07 9:55 p.m., 9 views

CVE-2025-40282

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path. Bluetooth 6lowpan.c netdev has header_ops, so it must set link-local header for RX skb, otherwise things crash, e.g. with AF_PACKET SOCK_RAW. Add missing skb_reset_mac_header...

AI score 5.6, EPSS 0.0018
Exploits 0, References 4
Snyk
added 2025/12/05 6:54 p.m., 8 views

Insertion of Sensitive Information Into Sent Data

Overview: net.jpountz.lz4:lz4 is a package for LZ4 compression for Java. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive...

CVSS 8.8, AI score 6.7, EPSS 0.00647
Exploits 0, References 2
Snyk
added 2025/12/05 6:54 p.m., 5 views

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

CVSS 8.8, AI score 6.7, EPSS 0.00647
Exploits 0, References 2
Snyk
added 2025/12/05 6:54 p.m., 4 views

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

CVSS 8.8, AI score 6.6, EPSS 0.00647
Exploits 0, References 2
Snyk
added 2025/12/05 6:54 p.m., 3 views

Insertion of Sensitive Information Into Sent Data

Overview: org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An...

CVSS 8.8, AI score 6.7, EPSS 0.00647
Exploits 0, References 2
Github Security Blog
added 2025/12/05 6:54 p.m., 17 views

yawkat LZ4 Java has a possible information leak in Java safe decompressor

Summary: Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lea...

CVSS 8.2, AI score 6.9, EPSS 0.00541
Exploits 0, References 4, Affected Software 4
Github Security Blog
added 2025/12/05 6:15 p.m., 13 views

urllib3 streaming API improperly handles highly compressed data

Impact: urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...

CVSS 8.9, AI score 6.7, EPSS 0.00622
Exploits 0, References 4, Affected Software 1
Github Security Blog
added 2025/12/05 6:15 p.m., 11 views

urllib3 allows an unbounded number of links in the decompression chain

Impact: urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, zstd). However, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps...

CVSS 8.9, AI score 6.8, EPSS 0.00622
Exploits 0, References 4, Affected Software 1
OSV
added 2025/12/05 6:15 p.m., 4 views

GHSA-GM62-XV2J-4W53 urllib3 allows an unbounded number of links in the decompression chain

Impact: urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, zstd). However, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps...

CVSS 8.9, AI score 6.7, EPSS 0.00622
Exploits 0, References 4
OSV
added 2025/12/05 5:16 p.m., 5 views

AZL-71849 CVE-2025-66471 affecting package python-urllib3 1.26.19-3

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

CVSS 8.9, AI score 6.8, EPSS 0.00622
Exploits 0, References 1