3283 matches found

CNNVD
added 2026/03/20 12:0 a.m. | 9 views

tar-rs security vulnerability

tar-rs is a Rust language library for reading and writing tar archive files, developed by Alex Crichton. Versions of tar-rs prior to 0.4.44 contained security vulnerabilities. These vulnerabilities were caused by inconsistent handling of PAX size headers, which could lead to inconsistent...

CVSS 8.1 | AI score 6 | EPSS 0.00688
Exploits: 2 | References: 3
Tenable Nessus
added 2026/03/20 12:0 a.m. | 5 views

AlmaLinux 9 : libarchive (ALSA-2026:5080)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:5080 advisory. libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive (CVE-2026-4111). Tenable has extracted the preceding description...

CVSS 7.5 | AI score 5.9 | EPSS 0.00693
Exploits: 0 | References: 3
Snyk
added 2026/03/19 4:56 p.m. | 3 views

Incorrect Bitwise Shift of Integer

Overview Affected versions of this package are vulnerable to Incorrect Bitwise Shift of Integer in the zisofs decompression process due to improper validation of the pzlog2bs field from ISO9660 Rock Ridge extensions. An attacker can cause application crashes and service disruption by supplying a...

CVSS 8.6 | AI score 5.4 | EPSS 0.00305
Exploits: 0 | References: 2
UbuntuCve
added 2026/03/19 3:16 p.m. | 4 views

CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVSS 6.5 | AI score 5.9 | EPSS 0.00305
Exploits: 0 | References: 4
Cvelist
added 2026/03/19 1:53 p.m. | 44 views

CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVSS 6.5 | EPSS 0.00305
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/19 1:53 p.m. | 5 views

CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVSS 6.5 | AI score 5.8 | EPSS 0.00305
Exploits: 0 | References: 5
RedhatCVE
added 2026/03/19 1:53 p.m. | 4 views

CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVSS 6.5 | AI score 5.8 | EPSS 0.00305
Exploits: 0 | References: 4
RedHat Linux
added 2026/03/19 8:18 a.m. | 3 views

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

CVSS 7.5 | AI score 5.8 | EPSS 0.00693
Exploits: 0 | References: 5
OSV
added 2026/03/19 12:0 a.m. | 5 views

ALSA-2026:5063 Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 7.5 | AI score 5.8 | EPSS 0.00693
Exploits: 0 | References: 4
AlmaLinux
added 2026/03/19 12:0 a.m. | 18 views

Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 7.5 | AI score 5.8 | EPSS 0.00693
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/19 12:0 a.m. | 6 views

RHEL 9 : libarchive (RHSA-2026:5080)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5080 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...

CVSS 7.5 | AI score 5.8 | EPSS 0.00693
Exploits: 0 | References: 4
OSV
added 2026/03/18 6:31 a.m. | 4 views

GHSA-XV6H-R36F-3GP5 Keycloak: Denial of Service due to excessive SAMLRequest decompression

A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application-level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryErro...

CVSS 5.3 | AI score 5.9 | EPSS 0.00502
Exploits: 0 | References: 8
Github Security Blog
added 2026/03/18 6:31 a.m. | 7 views

Keycloak: Denial of Service due to excessive SAMLRequest decompression

A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application-level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryErro...

CVSS 5.3 | AI score 5.8 | EPSS 0.00502
Exploits: 0 | References: 8 | Affected Software: 3
CVE
added 2026/03/18 3:19 a.m. | 60 views

CVE-2026-2575

Keycloak vulnerability CVE-2026-2575 allows an unauthenticated attacker to trigger an application‑level DoS by sending a highly compressed SAMLRequest via the Redirect Binding. The server does not enforce size limits during DEFLATE decompression, causing an OutOfMemoryError and possible process t...

CVSS 5.3 | AI score 5.8 | EPSS 0.00502
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/03/17 12:0 p.m. | 3 views

RUSTSEC-2026-0041 Decompressing invalid data can leak information from uninitialized memory or reused output buffer

Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...

CVSS 8.2 | AI score 5.9 | EPSS 0.00608
Exploits: 0 | References: 2
RustSec
added 2026/03/17 12:0 p.m. | 8 views

Decompressing invalid data can leak information from uninitialized memory or reused output buffer

Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...

CVSS 8.2 | AI score 5.9 | EPSS 0.00608
Exploits: 0 | Affected Software: 1
Microsoft CVE
added 2026/03/17 8:2 a.m. | 8 views

Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

...

CVSS 7.5 | AI score 5.8 | EPSS 0.00693
Exploits: 0
OpenVAS
added 2026/03/17 12:0 a.m. | 2 views

Huawei EulerOS: Security Advisory for brotli (EulerOS-SA-2026-1599)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 5.8 | EPSS 0.00509
Exploits: 0 | References: 2
Tenable Nessus
added 2026/03/17 12:0 a.m. | 5 views

EulerOS Virtualization 2.12.1 : brotli (EulerOS-SA-2026-1419)

According to the versions of the brotli package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression...

CVSS 7.5 | AI score 7.1 | EPSS 0.00509
Exploits: 0 | References: 2
Tenable Nessus
added 2026/03/17 12:0 a.m. | 6 views

EulerOS Virtualization 2.12.0 : brotli (EulerOS-SA-2026-1476)

According to the versions of the brotli package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression...

CVSS 7.5 | AI score 7.1 | EPSS 0.00509
Exploits: 0 | References: 2