Lucene search
K

359 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli br, Zstandard zstd, or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

7.5CVSS6.8AI score0.00887EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 6 days ago4 views

netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...

7.5CVSS6AI score0.00594EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 3:28 p.m.5 views

BIT-PYTHON-MIN-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
OSV
OSV
added 2026/07/06 3:28 p.m.6 views

BIT-PYTHON-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
OSV
OSV
added 2026/07/06 3:23 p.m.4 views

BIT-LIBPYTHON-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References7
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-41992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different...

7.5CVSS6.2AI score0.00294EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 6:16 p.m.10 views

CVE-2026-48044

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS0.00486EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:31 p.m.7 views

CVE-2026-48044

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/26 5:31 p.m.18 views

CVE-2026-48044

Summary: CVE-2026-48044 affects Envoy’s zstd decompressor (ZstdDecompressorImpl). From 1.23.0 through 1.35.11, 1.36.7, 1.37.3, and 1.38.1, specially crafted, highly compressed zstd payloads can trigger massive memory allocation when decompression is enabled, potentially causing memory exhaustion ...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 5:31 p.m.37 views

CVE-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS0.00486EPSS
Exploits1References1
OSV
OSV
added 2026/06/26 5:31 p.m.3 views

CVE-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52889

Name of the Vulnerable Software and Affected Versions Envoy versions 1.23.0 through 1.35.10 Envoy versions 1.36.0 through 1.36.6 Envoy versions 1.37.0 through 1.37.2 Envoy versions 1.38.0 through 1.38.0 Description A flaw exists in the zstd decompressor implementation ZstdDecompressorImpl. When...

7.5CVSS5.7AI score0.00486EPSS
Exploits1References19
OSV
OSV
added 2026/06/25 7:40 a.m.12 views

BIT-PYTHON-MIN-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.4AI score0.00433EPSS
Exploits0References10
OSV
OSV
added 2026/06/25 7:40 a.m.10 views

BIT-PYTHON-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.4AI score0.00433EPSS
Exploits0References10
OSV
OSV
added 2026/06/25 7:36 a.m.11 views

BIT-LIBPYTHON-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.4AI score0.00433EPSS
Exploits0References10
OSV
OSV
added 2026/06/24 1:10 p.m.4 views

OESA-2026-2694 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

8.2CVSS5.8AI score0.00622EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/17 11:5 p.m.10 views

netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.9 views

netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References7
Rows per page
Query Builder