3196 matches found
CVE-2026-48594
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
EUVD-2026-34015
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
CVE-2026-48594
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
CVE-2026-48594
The CVE-2026-48594 issue affects elixir-tesla/tesla: when Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is used, HTTP responses are decompressed eagerly without a size cap. The decompress_body/2 path passes the full body to :zlib.gunzip/1 or :zlib.unzip/1, and compression_al...
EEF-CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression
Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline...
OPENSUSE-SU-2026:20889-1 Security update for tor
This update for tor fixes the following issues: Changes in tor: - Update to 0.4.9.9 Major bugfixes compression, security: - Fix a compression bomb bypass where an attacker could concatenate many gzip or zlib sub-streams, each just under the per-stream detection threshold, to avoid the compression...
Security update for python-Twisted
This update for python-Twisted fixes the following issue CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265. Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2026:2219-1 Security update for python-Twisted
This update for python-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...
SUSE-SU-2026:2218-1 Security update for python3-Twisted
This update for python3-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...
PT-2026-45837
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
Tesla 安全漏洞
Tesla is an HTTP client software open-sourced by Elixir Tesla. Versions of Tesla from 0.6.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the size of decompressed data when processing highly compressed data, which could lead to...
SUSE-SU-2026:22004-1 Security update for python-Twisted
This update for python-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...
OPENSUSE-SU-2026:20862-1 Security update for python-Twisted
This update for python-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...
[SECURITY] Fedora 43 Update: suricata-7.0.16-1.fc43
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 44 Update: suricata-8.0.5-1.fc44
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
RLSA-2026:19176 Important: python3.14 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...