1752 matches found
CVE-2026-59803
rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...
CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol
rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...
EUVD-2026-42372
rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...
CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol
rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...
CVE-2026-59939 httplib2: Decompression Bomb Denial of Service via Unbounded gzip/deflate Response Handling
httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...
CVE-2026-59939 httplib2: Decompression Bomb Denial of Service via Unbounded gzip/deflate Response Handling
httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...
CVE-2026-59939
httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...
CVE-2026-59939
The CVE-2026-59939 affects the Python httplib2 library prior to 0.32.0. The root cause is unbounded decompression of HTTP response bodies encoded with gzip or deflate in _decompressContent, allowing a malicious server to send a small compressed payload that expands to very large in-memory size, l...
DEBIAN-CVE-2026-59873
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...
CVE-2026-59873
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...
CVE-2026-59873
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...
EUVD-2026-42305
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...
CVE-2026-59873
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...
CVE-2026-59873 node-tar: Decompression/parse DoS via unlimited input
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...
[SECURITY] Fedora 43 Update: perl-IO-Compress-2.221-1.fc43
This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...
PT-2026-56548
Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.32.0 Description An issue exists where the library performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate within the decompressContent function in httplib2/init.py. ...
PT-2026-56493
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.19 Description Insufficient enforcement of hard upper bounds on total decompressed data, entry counts, or decompression ratio within extraction and parsing paths, such as src/extract.ts, allows a crafted gzip bom...
GO-2026-5778 Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor
Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor...
BIT-PYTHON-MIN-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...
BIT-PYTHON-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...