41 matches found
PT-2026-52645
Name of the Vulnerable Software and Affected Versions hauler versions prior to 2.0.1-1.1 Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. This...
CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...
CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...
CVE-2026-53430
CVE-2026-53430 describes a DoS in elixir-grpc GRPC.Compressor.Gzip.decompress/1 where :zlib.gunzip/1 is called directly on attacker-controlled input without a decompressed-size limit, enabling a gzip decompression bomb. The registered gzip GRPC.Compressor runs automatically for frames with grpc-e...
NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
PT-2026-48924
Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can supply an...
CVE-2026-5438
CVE-2026-5438 describes a gzip decompression bomb vulnerability in Orthanc when processing HTTP requests with Content-Encoding: gzip. The server does not enforce decompressed size limits and may allocate memory based on attacker-controlled compression metadata, potentially leading to memory exhau...
curl: Unbounded GZIP Decompression Leading to Event-Loop Starvation
When libcurl is configured to decompress HTTP responses via CURLOPTACCEPTENCODING or the --compressed CLI flag, it lacks decompression bounds checking or a mechanism to yield execution during massive expansion tasks. If an attacker provides a highly compressed payload zip bomb, libcurl's underlyi...
EUVD-2021-2346
Malware in sbrugna...
EUVD-2018-7208
Malware in sbrugna...
EUVD-2025-6985
Malicious code in bioql PyPI...
SUSE CVE-2024-12886
An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the makeRequestWithRetry and getAuthorizationToken functions. An attacker can cause the server to crash by sending a specially crafted gzip bomb HTTP response. Details Denial of Service DoS describes a family o...
GHSA-V464-R2R9-WWW7 Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886
An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886 Out-Of-Memory (OOM) Vulnerability in ollama/ollama
An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886 Out-Of-Memory (OOM) Vulnerability in ollama/ollama
An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886
CVE-2024-12886 affects ollama/ollama up to version 0.3.14 with an Out-Of-Memory (OOM) DoS when a gzip bomb is processed. The root cause is reading the response body via io.ReadAll in makeRequestWithRetry and getAuthorizationToken, leading to excessive memory usage and crash. Multiple sources (NVD...