Astra Linux - vulnerability in curl
curl 7.84.0 supports “chained” HTTP compression algorithms, which means that a server response can be compressed multiple times, possibly using different algorithms. The number of allowable “links” in this “decompression chain” is unlimited, allowing a malicious server to insert virtually an...
JLSEC-2026-393
curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
MiracleLinux 8 : curl-7.61.1-22.el8.4 (AXSA:2022-3789:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3789:02 advisory. curl: HTTP compression denial of service CVE-2022-32206 curl: FTP-KRB bad message verification CVE-2022-32208 Tenable has extracted the preceding...
EUVD-2020-27087
Malware in sbrugna...
EUVD-2006-1632
Malware in sbrugna...
EUVD-2020-0222
Malware in sbrugna...
EUVD-2015-2313
Malware in sbrugna...
USN-5495-2: curl regression
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205 miscalculated the maximum cookie size, causing a regression. This update fixes the problem. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this...
CVE-2020-5933
On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger a...
BREACH Attack
Varnish VCL templates are vulnerable to the BREACH vulnerability. The vulnerability is due to improper handling of HTTP compression, allowing secrets to be extracted through carefully crafted requests...
BREACH Attack
ibexa/post-install is vulnerable to the BREACH attack. The vulnerability is due to improper handling of HTTP compression, allowing secrets to be extracted through carefully crafted requests...
BREACH Attack
ibexa/http-cache is vulnerable to the BREACH Attack. The vulnerability is due to improper handling of HTTP compression, allowing secrets to be extracted through carefully crafted requests...
GHSA-4H8F-C635-25P7 ibexa/post-install affected by Breach with Varnish VCL
Impact: This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...
ibexa/post-install affected by Breach with Varnish VCL
Impact: This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...
GHSA-MGFG-7533-7JF6 ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL
Impact: This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...
PT-2024-40073 · Apache +1
Name of the Vulnerable Software and Affected Versions: ibexa post-install versions prior to the patched versions Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...
PT-2024-40372 · Varnish +1
Name of the Vulnerable Software and Affected Versions: ezplatform-http-cache affected versions not specified Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...
CentOS 9 : curl-7.76.1-23.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-23.el9 build changelog. - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms,...
Scrapy decompression bomb vulnerability
Impact: Scrapy limits allowed response sizes by default through the DOWNLOAD_MAXSIZE and DOWNLOAD_WARNSIZE settings. However, those limits were only being enforced during the download of the raw, usually-compressed response bodies, and not during decompression, making Scrapy vulnerable to...