7-Zip < 24.07 RCE (ZDI-24-1532)

The version of 7-Zip installed on the remote host is prior to 24.07. It is, therefore, affected by a remote code execution vulnerability as referenced in the ZDI-24-1532 advisory. - This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interactio...

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of...

1.2.0 module bug fix and enhancement update

An update is available for qatzip. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list QATzip is a user space library which builds on top of the Intel QuickAssist...

PT-2024-16858 · Zlib-Rs · Zlib-Rs

Name of the Vulnerable Software and Affected Versions: zlib-rs versions prior to 0.4.0 Description: A critical stack overflow issue has been identified in the decompression functionality of zlib-rs, potentially allowing for remote code execution RCE. Recommendations: For versions prior to 0.4.0,...

GHSA-J3PX-Q95C-9683 zlib-rs stack overflow during decompression with malicious input

A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash. Impact Due to the way LLVM handles the zlib-rs codebase, tail calls were not guaranteed. This caused certain input...

freerdp: zgfx_decompress out of memory

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available...

DEBIAN-CVE-2024-50247

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNTCHUNKSIZE bytes and a index out of bounds will occur in smaxoff...

AZL-53136 CVE-2024-50247 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNTCHUNKSIZE bytes and a index out of bounds will occur in smaxoff...

AZL-53013 CVE-2024-50247 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNTCHUNKSIZE bytes and a index out of bounds will occur in smaxoff...

CVE-2024-50247 fs/ntfs3: Check if more than chunk-size bytes are written

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNTCHUNKSIZE bytes and a index out of bounds will occur in smaxoff...

bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).

A data integrity error was found in the bzip2 User-space package functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results or corrupted data as result of decompressing these files...

[SECURITY] Fedora 41 Update: suricata-7.0.7-1.fc41

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 40 Update: suricata-7.0.7-1.fc40

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

Ouch! allows a segmentation fault due to use of uninitialized memory

When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convertzipdatetime". In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object, the address of the object is changed to the...

GHSA-2WQ5-G96F-MV3V Ouch! allows a segmentation fault due to use of uninitialized memory

When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convertzipdatetime". In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object, the address of the object is changed to the...

PT-2024-40036 · Ouch · Ouch

Name of the Vulnerable Software and Affected Versions: ouch affected versions not specified Description: The issue arises when attempting to decompress a file using ouch. It involves reaching the function ouch::archive::zip::convert zip date time, which contains an unsafe function, transmute. Thi...

RUSTSEC-2024-0374 Segmentation fault due to use of uninitialized memory

When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convertzipdatetime". In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object, the address of the object is changed to the...

Segmentation fault due to use of uninitialized memory

When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convertzipdatetime". In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object, the address of the object is changed to the...

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2024-2630)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300044.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2630 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-708)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-708 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to...