3256 matches found
CVE-2025-64332 Suricata is vulnerable to a stack overflow on larger compressed data
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...
CVE-2025-64332 Suricata is vulnerable to a stack overflow on larger compressed data
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...
CVE-2025-64332 Suricata is vulnerable to a stack overflow on larger compressed data
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...
CVE-2025-64332
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...
CVE-2025-64332
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...
EUVD-2025-199777
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....
CVE-2025-64334 Suricata is vulnerable to unbounded memory growth for decompression
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....
CVE-2025-64334 Suricata is vulnerable to unbounded memory growth for decompression
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....
CVE-2025-64334
Suricata (OISF) versions 8.0.0–8.0.1 are affected by an unbounded memory growth issue during decompression of compressed HTTP data. Root cause: memory growth in HTTP decompression. Impact: potential resource exhaustion (availability). Mitigation/workaround: disable LZMA decompression or limit the...
CVE-2025-64334 Suricata is vulnerable to unbounded memory growth for decompression
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....
CVE-2025-64334
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....
Suricata 安全漏洞
Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions 8.0.0 through prior to 8.0.2, which stems from a potential infinite memory growth when decompressing compressed HTTP data...
JLSEC-2025-303 A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c...
A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tiflzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...
CVE-2025-63914
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
Security Bulletin: Astronomer with IBM is vulnerable to denial of service due to the resolv package (CVE-2025-24294)
Summary Resolv is used by Astronomer with IBM as part of the DNS functionality. Vulnerability Details CVEID:CVE-2025-24294 DESCRIPTION: The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a...
SUSE-SU-2025:21009-1 Security update for tiff
This update for tiff fixes the following issues: tiff was updated to 4.7.1: Software configuration changes: Define HAVEJPEGTURBODUALMODE812 and LERCSTATIC in tifconfig.h. CMake: define WORDSBIGENDIAN via tifconfig.h doc/CMakeLists.txt: remove useless cmakeminimumrequired CMake: fix build with...
OPENSUSE-SU-2025:20049-1 Security update for tiff
This update for tiff fixes the following issues: tiff was updated to 4.7.1: Software configuration changes: Define HAVEJPEGTURBODUALMODE812 and LERCSTATIC in tifconfig.h. CMake: define WORDSBIGENDIAN via tifconfig.h doc/CMakeLists.txt: remove useless cmakeminimumrequired CMake: fix build with...
esm.sh 路径遍历漏洞
esm.sh is a content distribution network open-sourced by esm.sh. A path traversal vulnerability exists in versions prior to esm.sh 136, which stems from path traversal during the decompression of NPM packages, and could lead to arbitrary file writes...
Security Bulletin: Netty Decompression Decoders Allow Unbounded Buffer Allocation Leading to DoS (Fixed in 4.1.125/4.2.5)
Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...
[SECURITY] Fedora 42 Update: suricata-7.0.13-1.fc42
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...