14 matches found
EUVD-2018-0189
Malware in sbrugna...
SUSE CVE-2016-1253
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file...
Copy-Paste Vulnerability (CPV) Through Libxml2
nokogiri is vulnerable to denial of service DoS attacks. The library uses a vulnerable version of libxml2, causing it to be vulnerable to the following CVEs: 1. CVE-2016-9318: XML External Entity XXE through a crafted document. 2. CVE-2017-16932: Infinite Recursion during parsing. 3...
Uncontrolled resource consumption in nokogiri
The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...
GHSA-882P-JQGM-F45G Uncontrolled resource consumption in nokogiri
The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...
Moderate severity vulnerability that affects nokogiri
The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. References: -...
libxml2 Denial of Service Vulnerability (CNVD-2018-08420)
libxml2 is the GNOME project team developed a C-based library for parsing XML documents, which supports multiple encoding formats, Xpath parsing, Well-formed and valid validation. A security vulnerability exists in the 'xzhead' function of the xzlib.c file in versions of libxml2 prior to 2.9.6,...
CVE-2017-18258
The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...
CVE-2017-18258
The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...
CVE-2017-18258
The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...
CVE-2017-18258
The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...
CVE-2017-18258
The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...
UBUNTU-CVE-2016-1253
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file...
Internet Bug Bounty: Denial of service in libxml2, using malicious lzma file to consume available system memory
Reported to the libxml2 devs on 23 August 2017 Patched on 7 September 2017 It was discovered through fuzzing that malicious LZMA compressed files could consume large amounts of memory when decompressed thus posing a DoS risk. I am unsure if a CVE will be assigned in this case. od -tx1 ./test000...