Lucene search
K

25 matches found

CVE
CVE
added 2026/02/04 7:2 p.m.13 views

CVE-2026-25122

CVE-2026-25122 affects chainguard.dev/apko: unbounded resource consumption in expandapk.Split when processing attacker-controlled .apk streams. From 0.14.8 up to (but not including) 1.1.0, the first gzip stream is drained without a maximum uncompressed byte limit, enabling excessive CPU inflation...

5.5CVSS5.3AI score0.00106EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/04 7:2 p.m.6 views

CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

5.5CVSS5.3AI score0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/04 7:2 p.m.26 views

CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

5.5CVSS0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/03 12:0 a.m.7 views

apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6268

Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.0.9 Description apko is a tool for building and publishing OCI container images from apk packages. A flaw exists in the expandapk.Split function where it drains the first gzip stream of an APK archive without...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.3 views

jetty: buffer not correctly recycled in Gzip Request inflation

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

5.8CVSS7.2AI score0.08113EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/06/30 3:47 p.m.6 views

jetty: buffer not correctly recycled in Gzip Request inflation

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

5.8CVSS7.2AI score0.08113EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/06/29 6:18 a.m.3 views

jetty: buffer not correctly recycled in Gzip Request inflation

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

5.8CVSS7.2AI score0.08113EPSS
Exploits0References5
Rows per page
Query Builder