Lucene search
+L

1752 matches found

NVD
NVD
added 2026/07/08 8:16 p.m.6 views

CVE-2026-59803

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS0.00408EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 7:42 p.m.38 views

CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS0.00408EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 7:42 p.m.6 views

EUVD-2026-42372

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS6AI score0.00408EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 7:42 p.m.3 views

CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS6.1AI score0.00408EPSS
Exploits0References7
OSV
OSV
added 2026/07/08 7:34 p.m.3 views

CVE-2026-59939 httplib2: Decompression Bomb Denial of Service via Unbounded gzip/deflate Response Handling

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/08 7:34 p.m.31 views

CVE-2026-59939 httplib2: Decompression Bomb Denial of Service via Unbounded gzip/deflate Response Handling

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS0.00358EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/07/08 7:34 p.m.14 views

CVE-2026-59939

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS6AI score0.00358EPSS
Exploits1
CVE
CVE
added 2026/07/08 7:34 p.m.9 views

CVE-2026-59939

The CVE-2026-59939 affects the Python httplib2 library prior to 0.32.0. The root cause is unbounded decompression of HTTP response bodies encoded with gzip or deflate in _decompressContent, allowing a malicious server to send a small compressed payload that expands to very large in-memory size, l...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/07/08 4:16 p.m.3 views

DEBIAN-CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References1
NVD
NVD
added 2026/07/08 4:16 p.m.9 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS0.00358EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/07/08 3:22 p.m.6 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS5.9AI score0.00358EPSS
Exploits1
EUVD
EUVD
added 2026/07/08 3:22 p.m.5 views

EUVD-2026-42305

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS5.9AI score0.00358EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/08 3:22 p.m.6 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS5.9AI score0.00358EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/08 3:22 p.m.3 views

CVE-2026-59873 node-tar: Decompression/parse DoS via unlimited input

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS6.1AI score0.00358EPSS
Exploits1References5
Fedora
Fedora
added 2026/07/08 1:10 a.m.6 views

[SECURITY] Fedora 43 Update: perl-IO-Compress-2.221-1.fc43

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS5.9AI score0.00373EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-56548

Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.32.0 Description An issue exists where the library performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate within the decompressContent function in httplib2/init.py. ...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56493

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.19 Description Insufficient enforcement of hard upper bounds on total decompressed data, entry counts, or decompression ratio within extraction and parsing paths, such as src/extract.ts, allows a crafted gzip bom...

9.2CVSS6.1AI score0.00358EPSS
Exploits1References7
OSV
OSV
added 2026/07/07 3:26 p.m.5 views

GO-2026-5778 Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor

Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 3:28 p.m.5 views

BIT-PYTHON-MIN-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
OSV
OSV
added 2026/07/06 3:28 p.m.6 views

BIT-PYTHON-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
Rows per page
Query Builder