Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli br, Zstandard zstd, or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

7.5CVSS6.8AI score0.00887EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli br, Zstandard zstd, or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

7.5CVSS5.9AI score0.00887EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2025/11/28 12:22 a.m.16 views

SUSE CVE-2025-64334

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

7.5CVSS6.8AI score0.00306EPSS
Exploits0References3
NVD
NVD
added 2025/11/26 11:15 p.m.6 views

CVE-2025-64334

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

7.5CVSS0.00306EPSS
Exploits0References2
OSV
OSV
added 2025/11/26 11:15 p.m.3 views

DEBIAN-CVE-2025-64334

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

7.5CVSS5.3AI score0.00306EPSS
Exploits0References1
CVE
CVE
added 2025/11/26 10:39 p.m.21 views

CVE-2025-64334

Suricata (OISF) versions 8.0.0–8.0.1 are affected by an unbounded memory growth issue during decompression of compressed HTTP data. Root cause: memory growth in HTTP decompression. Impact: potential resource exhaustion (availability). Mitigation/workaround: disable LZMA decompression or limit the...

7.5CVSS6.4AI score0.00306EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/26 10:39 p.m.3 views

CVE-2025-64334 Suricata is vulnerable to unbounded memory growth for decompression

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

7.5CVSS6.4AI score0.00306EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/26 10:39 p.m.4 views

EUVD-2025-199777

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

7.5CVSS6.3AI score0.00306EPSS
Exploits0References2
OSV
OSV
added 2025/11/26 10:39 p.m.7 views

CVE-2025-64334 Suricata is vulnerable to unbounded memory growth for decompression

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

7.5CVSS6.7AI score0.00306EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2023-23916)

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable links in this...

6.5CVSS6.7AI score0.01703EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/09/21 7:15 p.m.2 views

CVE-2022-3252

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

7.5CVSS7.2AI score0.00732EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.4 views

PT-2022-21351 · Unknown · Swiftnio Extras

Name of the Vulnerable Software and Affected Versions: SwiftNIO Extras affected versions not specified Description: The issue is related to improper detection of complete HTTP body decompression in SwiftNIO Extras. This can lead to an infinite loop and denial-of-service when trailing junk data is...

7.5CVSS7.2AI score0.00732EPSS
Exploits0References9
Rows per page
Query Builder