3256 matches found

SUSE CVE
added 2023/02/16 3:2 a.m. · 2 views

SUSE CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5 · AI score 8.5 · EPSS 0.01703
Exploits 1 · References 93

CNNVD
added 2023/02/16 12:0 a.m. · 5 views

HashiCorp go-getter security vulnerability

HashiCorp go-getter is a library for Go (golang) from HashiCorp, USA, for downloading files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter version 1.x prior to 1.7.0 and version 2.x prior to 2.2.0, which stems from...

CVSS 6.5 · AI score 6.2 · EPSS 0.00454
Exploits 0 · References 2

Positive Technologies
added 2023/02/16 12:0 a.m. · 3 views

PT-2023-16290 · Hashicorp +1 · Go-Getter +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.6.2 and earlier, 2.1.1 and earlier Description: The issue concerns decompression bombs, which can lead to excessive memory consumption and denial-of-service attacks. Recommendations: For versions 1.6.2 and...

CVSS 6.5 · AI score 5.1 · EPSS 0.00454
Exploits 0 · References 16

Tenable Nessus
added 2023/02/16 12:0 a.m. · 35 views

SUSE SLES12 Security Update : curl (SUSE-SU-2023:0425-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0425-1 advisory. - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression...

CVSS 6.5 · AI score 6.7 · EPSS 0.01703
Exploits 1 · References 4

OSV
added 2023/02/15 8:0 a.m. · 34 views

CURL-CVE-2023-23916 HTTP multi-header compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a...

CVSS 6.5 · AI score 6.7 · EPSS 0.01703
Exploits 1

curl security advisories
added 2023/02/15 8:0 a.m. · 7 views

HTTP multi-header compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a...

CVSS 6.5 · AI score 6.6 · EPSS 0.01703
Exploits 1 · References 1 · Affected Software 2

SUSE CVE
added 2023/02/15 6:18 a.m. · 3 views

SUSE CVE-2005-0953

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete...

CVSS 3.7 · AI score 6.6 · EPSS 0.004
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:18 a.m. · 3 views

SUSE CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete...

CVSS 3.7 · AI score 6.7 · EPSS 0.00655
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:18 a.m. · 2 views

SUSE CVE-2005-1111

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete...

CVSS 4.7 · AI score 6.6 · EPSS 0.00311
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:18 a.m. · 3 views

SUSE CVE-2005-1260

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb")...

CVSS 5 · AI score 6.8 · EPSS 0.06152
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:17 a.m. · 4 views

SUSE CVE-2005-2475

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete...

CVSS 1.2 · AI score 6.7 · EPSS 0.00399
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:17 a.m. · 2 views

SUSE CVE-2005-2659

Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors...

CVSS 10 · AI score 7.3 · EPSS 0.02163
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:14 a.m. · 3 views

SUSE CVE-2006-4335

Array index error in the maketable function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an...

CVSS 7.5 · AI score 7.7 · EPSS 0.05478
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 6:12 a.m. · 2 views

SUSE CVE-2007-1745

The chmdecompressstream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third part...

CVSS 7.1 · AI score 9.2 · EPSS 0.02333
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:9 a.m. · 2 views

SUSE CVE-2007-6337

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlibprivate.h in ClamAV before 0.92 has unknown impact and remote attack vectors...

CVSS 10 · AI score 9.3 · EPSS 0.02823
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:0 a.m. · 2 views

SUSE CVE-2010-0734

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified othe...

CVSS 6.8 · AI score 7.2 · EPSS 0.04408
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:58 a.m. · 3 views

SUSE CVE-2010-2575

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via ...

CVSS 6.8 · AI score 8.2 · EPSS 0.04652
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:51 a.m. · 5 views

SUSE CVE-2011-3262

tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."...

CVSS 2.1 · AI score 6.3 · EPSS 0.00334
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:44 a.m. · 2 views

SUSE CVE-2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk...

CVSS 2.1 · AI score 6.2 · EPSS 0.0042
Exploits 0 · References 18

SUSE CVE
added 2023/02/15 5:36 a.m. · 1 view

SUSE CVE-2013-4421

The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed...

CVSS 5 · AI score 6.4 · EPSS 0.06424
Exploits 0 · References 3