Lucene search
K

10 matches found

OSV
OSV
added 2026/06/26 4:35 p.m.2 views

GHSA-J9CW-HWQF-85W7 Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...

7.5CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:55 p.m.7 views

EUVD-2026-37014

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

8.7CVSS5.4AI score0.00348EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 9:55 p.m.8 views

EEF-CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1

Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex,...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References3
CVE
CVE
added 2026/04/15 10:53 p.m.53 views

CVE-2026-40192

Pillow (Python imaging library) versions 10.3.0–12.1.1 are affected by a FITS-related decompression bomb: unbounded memory consumption from GZIP data during decoding, potentially leading to DoS. A fix is available in Pillow 12.2.0; if upgrading isn’t possible, users should avoid opening FITS imag...

8.7CVSS5.8AI score0.00671EPSS
Exploits0References29Affected Software1
OSV
OSV
added 2026/04/13 7:22 p.m.3 views

GHSA-WHJ4-6X5X-4V2J FITS GZIP decompression bomb in Pillow

Impact Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service OOM crash or severe performance degradation...

8.7CVSS5.8AI score0.00671EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/09 3:35 p.m.8 views

EUVD-2026-20914

A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...

5.9AI score0.00484EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 3:16 p.m.3 views

DEBIAN-CVE-2026-5438

A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...

7.5CVSS5.3AI score0.00484EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/09 2:44 p.m.4 views

CVE-2026-5438

A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...

7.5CVSS5.3AI score0.00484EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-5438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompress...

7.5CVSS5.9AI score0.00484EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.47 views

openSUSE Security Update : python (openSUSE-SU-2014:0380-1)

Python was updated to 2.7.6 to fix bugs and security issues : - bugfix-only release - SSL-related fixes - upstream fix for CVE-2013-4238 - upstream fixes for CVE-2013-1752 - added patches for CVE-2013-1752 bnc856836 issues that are missing in 2.7.6: python-2.7.6-imaplib.patch...

7.5CVSS7.4AI score0.28319EPSS
Exploits8References11
Rows per page
Query Builder