3260 matches found

Vulnrichment
added 2025/07/10 7:38 p.m., 4 views

CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...

CVSS 8.7, AI score 7.2, EPSS 0.00461
Exploits: 0, References: 3

CNNVD
added 2025/07/10 12:0 a.m., 1 view

Chall-Manager Security Vulnerability

Chall-Manager is an open source project from CTFer.io. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from a failure to check the size of the contents when decompressing a zip file, which could lead to a zip bomb decompression...

CVSS 9.8, AI score 6.3, EPSS 0.00461
Exploits: 0, References: 5

RubySec
added 2025/07/08 12:0 a.m., 8 views

Possible Denial of Service in resolv gem

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name...

CVSS 7.5, AI score 6.3, EPSS 0.00539
Exploits: 0, References: 1, Affected Software: 1

RedHat Linux
added 2025/06/30 1:16 p.m., 3 views

jetty-server: Jetty: Gzip Request Body Buffer Corruption

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

CVSS 7.2, AI score 7.1, EPSS 0.00432
Exploits: 0, References: 6

OSV
added 2025/06/27 1:16 p.m., 4 views

OESA-2025-1687 skopeo security update

A command line utility that performs various operations on container images and image repositories. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used lar...

CVSS 4.3, AI score 7, EPSS 0.01956
Exploits: 0, References: 2

RedHat Linux
added 2025/06/25 7:47 p.m., 1 view

jetty-server: Jetty: Gzip Request Body Buffer Corruption

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

CVSS 7.2, AI score 7.1, EPSS 0.00432
Exploits: 0, References: 6

RedHat Linux
added 2025/06/25 12:21 a.m., 7 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

CVSS 7.5, AI score 7.4, EPSS 0.05651
Exploits: 0, References: 5

RedhatCVE
added 2025/06/20 7:55 a.m., 6 views

CVE-2022-50193

In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1 Task A called...

CVSS 7, AI score 7.1, EPSS 0.00195
Exploits: 0, References: 4

SUSE CVE
added 2025/06/19 3:39 a.m., 4 views

SUSE CVE-2022-50193

In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1 Task A called...

CVSS 5.5, AI score 6.4, EPSS 0.00195
Exploits: 0, References: 3

NVD
added 2025/06/18 11:15 a.m., 6 views

CVE-2022-50193

In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1 Task A called...

CVSS 5.5, EPSS 0.00195
Exploits: 0, References: 3

OSV
added 2025/06/18 11:3 a.m., 7 views

CVE-2022-50193 erofs: wake up all waiters after z_erofs_lzma_head ready

In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1 Task A called...

CVSS 5.5, AI score 6.1, EPSS 0.00195
Exploits: 0, References: 6

Cvelist
added 2025/06/18 11:3 a.m., 22 views

CVE-2022-50193 erofs: wake up all waiters after z_erofs_lzma_head ready

In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1 Task A called...

EPSS 0.00195
Exploits: 0, References: 3

CVE
added 2025/06/18 11:3 a.m., 26 views

CVE-2022-50193

CVE-2022-50193 concerns Linux kernel erofs: wake up all waiters after z_erofs_lzma_head is ready. The issue can cause the decompression thread to hang when mounting erofs a second time due to a sequence where Task A loads lzma config and fills z_erofs_lzma_head after Task B has already slept wait...

CVSS 5.5, AI score 6.4, EPSS 0.00195
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2025/06/18 12:0 a.m., 5 views

PT-2025-26119 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the erofs filesystem. The issue occurs when the user mounts the erofs filesystem for the second time, which may cause...

AI score 6, EPSS 0.00195
Exploits: 0, References: 10

NVD
added 2025/06/17 3:15 p.m., 7 views

CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the...

CVSS 3.3, EPSS 0.00148
Exploits: 0, References: 4

RedhatCVE
added 2025/06/17 12:4 p.m., 4 views

CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the...

CVSS 3.3, AI score 4, EPSS 0.00148
Exploits: 0, References: 3

Huntr
added 2025/06/14 6:41 p.m., 6 views

Brotli decompression bomb DoS

This report is not public...

CVSS 7.5, AI score 6.9, EPSS 0.00509
Exploits: 0

Positive Technologies
added 2025/06/14 12:0 a.m., 5 views

PT-2025-44569

Name of the Vulnerable Software and Affected Versions: Scrapy versions up to 2.13.2. Description: Scrapy is susceptible to a denial of service (DoS) attack stemming from an issue in its brotli decompression implementation. The built-in protection against decompression bombs does not effectively addres...

CVSS 7.8, AI score 7.3, EPSS 0.00509
Exploits: 0, References: 57

Huntr
added 2025/06/13 3:14 p.m., 4 views

Brotli decompression bomb DoS

Description: urllib3 can not stream brotli-encoded responses properly unlike the way it handles gzip responses. It always loads entire decompressed response body into memory when reading brotli-encoded response, which allows malicious servers to perform DoS attack by responding with decompression...

CVSS 8.9, AI score 6.8, EPSS 0.00622
Exploits: 0

OSV
added 2025/06/03 10:15 a.m., 1 view

CVE-2024-36486

A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 55740. When an archived virtual machine is restored, the prlvmarchiver tool decompresses the file and writes the content back to its original location...

CVSS 7.8, AI score 5.9, EPSS 0.00277
Exploits: 1, References: 2