CVE-2023-52497

CVE-2023-52497 affects the Linux kernel EROFS: the vulnerability stems from in-place LZ4 decompression where two mapped buffers could cause data corruption due to overlapping buffers and buffer ordering, especially on newer Intel CPUs with FS RM. The fix switches to using the decompressed buffer ...

CVE-2023-52497 erofs: fix lz4 inplace decompression

In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...

CVE-2023-52497

In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...

CentOS 9 : gstreamer1-plugins-good-1.18.4-6.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the gstreamer1-plugins-good-1.18.4-6.el9 build changelog. - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while...

PT-2024-26784

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A descriptor leak issue has been resolved in the Linux kernel. The iaa compress and iaa decompress functions' disable async paths do not free idxd descriptors when req-dst is set to null...

Decompression Bomb

scrapy is vulnerable to Decompression Bomb. The vulnerability is caused due to not enforcing validating the maximum size of decompressed data and applying the check only on compressed one. The existing checks only applied to settings DOWNLOADMAXSIZE and DOWNLOADWARNSIZE which only exist on...

GHSA-7J7M-V7M3-JQM7 Scrapy decompression bomb vulnerability

Impact Scrapy limits allowed response sizes by default through the DOWNLOADMAXSIZE and DOWNLOADWARNSIZE settings. However, those limits were only being enforced during the download of the raw, usually-compressed response bodies, and not during decompression, making Scrapy vulnerable to...

Scrapy decompression bomb vulnerability

Impact Scrapy limits allowed response sizes by default through the DOWNLOADMAXSIZE and DOWNLOADWARNSIZE settings. However, those limits were only being enforced during the download of the raw, usually-compressed response bodies, and not during decompression, making Scrapy vulnerable to...

GHSA-84XV-JFRM-H4GM registry-support: decompress can delete files outside scope via relative paths

A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files...

registry-support: decompress can delete files outside scope via relative paths

A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files...

CVE-2024-1485

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the parent or plugin keywords. This could download a malicious archive and cause the cleanup process to overwrite o...

CVE-2024-1485

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the parent or plugin keywords. This could download a malicious archive and cause the cleanup process to overwrite o...

Design/Logic Flaw

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the parent or plugin keywords. This could download a malicious archive and cause the cleanup process to overwrite o...

CVE-2024-1485 Registry-support: decompress can delete files outside scope via relative paths

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the parent or plugin keywords. This could download a malicious archive and cause the cleanup process to overwrite o...

CVE-2024-1485

CVE-2024-1485 affects the registry-support library’s decompression logic. An unauthenticated attacker can trick a user into parsing a devfile that uses the parent or plugin keywords, causing the decompressor to extract archives with relative paths that write outside the intended scope. This can l...

CVE-2024-1485 Registry-support: decompress can delete files outside scope via relative paths

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the parent or plugin keywords. This could download a malicious archive and cause the cleanup process to overwrite o...

PT-2024-18086 · Unknown · Registry-Support

Name of the Vulnerable Software and Affected Versions: registry-support versions prior to v0.0.0-20240206 Description: A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which...

Denial Of Service (DoS)

github.com/tendermint/tendermint is vulnerable to Denial Of Service DoS. The vulnerability is due to the makeHTTPClient function within httpclient.go automatically decompressing Gzip-compressed responses, without limitations on the size or content of the response body. This allows an attacker to...

GHSA-3GJH-29FV-8HR6 Nervos CKB Snappy decompress length can be very large and causes out of memory error

Impact Adversary can create message which compressed size is less than the package limit but the decompressed length is very large such as 1G. It will cost the node many memories to process the network messages, and on the system with less than 1G memory, the process is killed directly because of...

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM formerly known as Kyber, renamed because we can't have nice things is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...