3256 matches found

NVD
added 2023/08/22 7:16 p.m. · 23 views

CVE-2020-22916

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a...

5.5 CVSS · 5.3 AI score · 0.0024 EPSS
Exploits 0 · References 7
OSV
added 2023/08/22 7:16 p.m. · 2 views

UBUNTU-CVE-2020-22916

DISPUTED An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is ofte...

5.5 CVSS · 5.8 AI score · 0.0024 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/08/22 12:0 a.m. · 6 views

PT-2023-11638 · Xz +2

Name of the Vulnerable Software and Affected Versions: XZ version 5.2.5 Description: An issue in XZ allows attackers to cause a denial of service via decompression of a crafted file. The vendor disputes the claims of "endless output" and "denial of service" because decompression of a 17,486 bytes...

5.5 CVSS · 6.8 AI score · 0.0024 EPSS
Exploits 0 · References 19
CVE
added 2023/08/22 12:0 a.m. · 90 views

CVE-2020-22916

CVE-2020-22916 affects XZ 5.2.5: a flaw in the decompression algorithm can be exploited by decompressing a crafted file to trigger a denial of service. The exploited payload is described as a decompression bomb: decompression of 17,486 bytes reportedly expands to 114,881,179 bytes, which the vend...

5.5 CVSS · 5.3 AI score · 0.0024 EPSS
Exploits 0 · References 7 · Affected Software 1
ATTACKERKB
added 2023/08/20 1:15 a.m. · 4 views

CVE-2023-40711

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service out-of-memory abort via crafted packet data, as exploited in the wild in August 2023...

7.5 CVSS · 7.2 AI score · 0.00741 EPSS
Exploits 0 · References 2
OSV
added 2023/08/20 1:15 a.m. · 21 views

CVE-2023-40711

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service out-of-memory abort via crafted packet data, as exploited in the wild in August 2023...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 1
CNNVD
added 2023/08/20 12:0 a.m. · 2 views

Veilid Buffer Error Vulnerability

Veilid is an open source peer-to-peer network from Veilid that makes it easy to share all kinds of data. A security vulnerability exists in Veilid versions prior to 0.1.9, which stems from a memory leak vulnerability due to failure to check the size of compressed data during the decompression process. ...

7.5 CVSS · 7.3 AI score · 0.00741 EPSS
Exploits 0 · References 2
Veracode
added 2023/08/19 2:43 a.m. · 23 views

Denial Of Service (DoS)

libclamav.so is vulnerable to Denial of Service (DoS) attacks. The vulnerability is caused by an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding, resulting in denial of service conditions...

7.5 CVSS · 6.6 AI score · 0.00883 EPSS
Exploits 0 · References 6 · Affected Software 2
NVD
added 2023/08/04 9:15 p.m. · 14 views

CVE-2020-26082

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

5.8 CVSS · 5.7 AI score · 0.00623 EPSS
Exploits 0 · References 1
Prion
added 2023/08/04 9:15 p.m. · 17 views

Input validation

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

5 CVSS · 5.3 AI score · 0.00623 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/08/04 8:49 p.m. · 2 views

CVE-2020-26082

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

5.8 CVSS · 7.2 AI score · 0.00623 EPSS
Exploits 0 · References 1
CVE
added 2023/08/04 8:49 p.m. · 71 views

CVE-2020-26082

CVE-2020-26082 derives from Cisco AsyncOS (ESA)'s zip decompression engine, where improper handling of password-protected zip files allows an unauthenticated, remote attacker to bypass configured content filters. The issue affects Cisco Email Security Appliance (ESA) running affected AsyncOS ver...

5.8 CVSS · 5.3 AI score · 0.00623 EPSS
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2023/07/18 8:33 a.m. · 3 views

curl: HTTP multi-header compression denial of service

A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors...

6.5 CVSS · 6.8 AI score · 0.01703 EPSS
Exploits 1 · References 5
OpenVAS
added 2023/07/01 12:0 a.m. · 8 views

Fedora: Security Advisory for suricata (FEDORA-2023-5230b1a68a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 · References 2
OpenVAS
added 2023/07/01 12:0 a.m. · 10 views

Fedora: Security Advisory for suricata (FEDORA-2023-7e952959f8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 · References 2
Fedora
added 2023/06/30 1:35 a.m. · 22 views

[SECURITY] Fedora 37 Update: suricata-6.0.13-1.fc37

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

7 AI score
Exploits 0
Fedora
added 2023/06/30 1:22 a.m. · 10 views

[SECURITY] Fedora 38 Update: suricata-6.0.13-1.fc38

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

7 AI score
Exploits 0
IBM Security Bulletins
added 2023/06/19 12:14 p.m. · 42 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol

Summary Multiple issues were identified in Red Hat UBI packages libcurl, openssl, gnutls, libarchive and libsepol that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of...

9.1 CVSS · 8.1 AI score · 0.59501 EPSS
Exploits 4 · Affected Software 1
UbuntuCve
added 2023/06/15 6:15 p.m. · 192 views

CVE-2023-34455

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the file SnappyInputStream.java checks if a given stream has more chunks to read. It does...

7.5 CVSS · 6.9 AI score · 0.01762 EPSS
Exploits 1 · References 5
CVE
added 2023/06/15 5:15 p.m. · 937 views

CVE-2023-34455

CVE-2023-34455 concerns snappy-java. The issue arises from an unchecked chunk length in SnappyInputStream.hasNextChunk, which can allocate a negative or excessively large array when handling untrusted input, potentially causing a java.lang.NegativeArraySizeException or java.lang.OutOfMemoryError....

7.5 CVSS · 6.5 AI score · 0.01762 EPSS
Exploits 1 · References 5 · Affected Software 1