3206 matches found

OSV
added 2023/02/16 7:15 p.m. · 1 view

DEBIAN-CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5 CVSS · 5.8 AI score · 0.00454 EPSS
Exploits 0 · References 1

OSV
added 2023/02/16 7:15 p.m. · 26 views

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5 CVSS · 6.5 AI score
Exploits 0 · References 1

OSV
added 2023/02/16 7:15 p.m. · 3 views

AZL-13606 CVE-2023-0475 affecting package terraform for versions less than 1.3.2-22

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5 CVSS · 6.5 AI score · 0.00454 EPSS
Exploits 0 · References 1

Prion
added 2023/02/16 7:15 p.m. · 22 views

Design/Logic Flaw

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

4.3 CVSS · 6.4 AI score · 0.00454 EPSS
Exploits 0 · References 1 · Affected Software 1

UbuntuCve
added 2023/02/16 7:15 p.m. · 28 views

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5 CVSS · 6.6 AI score · 0.00454 EPSS
Exploits 0 · References 5

OSV
added 2023/02/16 7:15 p.m. · 4 views

UBUNTU-CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5 CVSS · 7.1 AI score · 0.00454 EPSS
Exploits 0 · References 6

Vulnrichment
added 2023/02/16 6:35 p.m. · 5 views

CVE-2023-0475 Go-Getter Vulnerable to Decompression Bombs

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

4.2 CVSS · 6.7 AI score · 0.00454 EPSS
Exploits 0 · References 1

CVE
added 2023/02/16 6:35 p.m. · 331 views

CVE-2023-0475

CVE-2023-0475 affects HashiCorp go-getter versions up to 1.6.2 and 2.1.1. The flaw is a decompression-bomb vulnerability arising from improper handling of highly compressed data, allowing crafted archives to crash the library. Remediation: upgrade to 1.7.0 (or 2.2.0) where fixed. Connected docume...

6.5 CVSS · 5.3 AI score · 0.00454 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/02/16 6:35 p.m. · 29 views

CVE-2023-0475 Go-Getter Vulnerable to Decompression Bombs

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

4.2 CVSS · 6.5 AI score · 0.00454 EPSS
Exploits 0 · References 1

Debian CVE
added 2023/02/16 6:35 p.m. · 25 views

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5 CVSS · 5.3 AI score · 0.00454 EPSS
Exploits 0

SUSE CVE
added 2023/02/16 3:2 a.m. · 2 views

SUSE CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

6.5 CVSS · 8.5 AI score · 0.01703 EPSS
Exploits 1 · References 93

CNNVD
added 2023/02/16 12:0 a.m. · 5 views

HashiCorp go-getter Security Vulnerability

HashiCorp go-getter is a Go (golang) library from HashiCorp, USA, for downloading files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter version 1.x prior to 1.7.0 and version 2.x prior to 2.2.0, which stems from...

6.5 CVSS · 6.2 AI score · 0.00454 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/02/16 12:0 a.m. · 3 views

PT-2023-16290 · Hashicorp +1 · Go-Getter +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.6.2 and earlier, 2.1.1 and earlier Description: The issue concerns decompression bombs, which can lead to excessive memory consumption and denial-of-service attacks. Recommendations: For versions 1.6.2 and...

6.5 CVSS · 5.1 AI score · 0.00454 EPSS
Exploits 0 · References 16

Tenable Nessus
added 2023/02/16 12:0 a.m. · 35 views

SUSE SLES12 Security Update : curl (SUSE-SU-2023:0425-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0425-1 advisory. - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression...

6.5 CVSS · 6.7 AI score · 0.01703 EPSS
Exploits 1 · References 4

curl security advisories
added 2023/02/15 8:0 a.m. · 3 views

HTTP multi-header compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a...

6.5 CVSS · 6.6 AI score · 0.01703 EPSS
Exploits 1 · References 1 · Affected Software 2

OSV
added 2023/02/15 8:0 a.m. · 34 views

CURL-CVE-2023-23916 HTTP multi-header compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a...

6.5 CVSS · 6.7 AI score · 0.01703 EPSS
Exploits 1

SUSE CVE
added 2023/02/15 6:18 a.m. · 3 views

SUSE CVE-2005-0953

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete...

3.7 CVSS · 6.6 AI score · 0.004 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:18 a.m. · 2 views

SUSE CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete...

3.7 CVSS · 6.7 AI score · 0.00655 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:18 a.m. · 1 view

SUSE CVE-2005-1111

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete...

4.7 CVSS · 6.6 AI score · 0.00311 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:18 a.m. · 2 views

SUSE CVE-2005-1260

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a. "decompression bomb")...

5 CVSS · 6.8 AI score · 0.06152 EPSS
Exploits 0 · References 4