4 matches found
Important: nodejs24
Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...
CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
SUSE CVE-2010-0205
The pngdecompresschunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of...
PT-2025-12367
Name of the Vulnerable Software and Affected Versions Redlib versions prior to 0.36.0 Description A denial-of-service condition can be triggered by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore preferences form, leading to excessive memory consumption a...