151 matches found
urllib3 Streaming API improperly handles highly compressed data
...
Security Bulletin: Netty Affected by Decompression Flaw Where BrotliDecoder Allocates Unlimited Buffers, Enabling DoS, affects watsonx.data
Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...
urllib3 streaming API improperly handles highly compressed data
Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...
CVE-2025-66471
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
ALPINE-CVE-2025-66471
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
UBUNTU-CVE-2025-66471
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the Streaming API. The ContentDecoder class can be forced to allocate disproportionate...
CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
CVE-2025-66471
CVE-2025-66471 affects urllib3’s streaming API handling of compressed HTTP responses in Python. The issue arises when streaming a highly compressed payload, where decompression could process data in a way that uses excessive CPU and memory, potentially from the decompression buffer behavior noted...
CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
EUVD-2022-0197
Malicious code in bioql PyPI...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the scenario decoding process. An attacker can cause excessive resource consumption by submitting a specially crafted zip archive that decompresses to a very large size...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via a specially crafted wxapkg file. An attacker can cause resource consumption by sending specially crafted zip files that exploit the decompression process and convincing ...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Improper...
GO-2025-3533 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to the improper handling of highly compressed data. An attacker can cause the server to become unresponsive and exhaust system memory by uploading and repeatedly parsing...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation Upgrade org.apache.seata:seata-compressor-zstd to version...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation There is no fixed version for io.seata:seata-compressor-zstd...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the ZipFileBodyDecoder. An attacker can trigger an out-of-memory condition, leading to server crashes or degraded performance by uploading a specially crafted ZIP fi...