857 matches found
UBUNTU-CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...
openEuler Buffer Error Vulnerability
openEuler is an operating system from the Open Atomics Open Source Foundation. A security vulnerability exists in versions 20.03-LTS-SP1, 20.03-LTS-SP3, and 22.03-LTS of openEuler, which stems from the fact that an attacker who submits a specially crafted tar...
CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...
PT-2022-10277 · Alt Linux +7
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname,...
CVE-2021-33643
CVE-2021-33643 is a vulnerability in the libtar library where an attacker submitting a crafted tar file with a header size of 0 can trigger a call to malloc(0) for gnu_longlink, leading to an out-of-bounds read. The issue is documented across multiple connected sources (open-source Linux distribu...
CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...
CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...
DEBIAN-CVE-2022-37451
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc...
PT-2022-10276
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an attacker to trigger an out-of-bounds read by submitting a crafted tar file with a size of 0 in the header struct. This can cause the...
UBUNTU-CVE-2021-33452
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc in nasmlib/alloc.c...
PT-2022-10248
Name of the Vulnerable Software and Affected Versions: NASM version 2.16rc0. Description: An issue was discovered in the NASM software, specifically memory leaks in the nasm_malloc function located in nasmlib/alloc.c. Recommendations: For NASM version 2.16rc0, consider restricting the use of the nasm...
lrzip Security Vulnerability
lrzip is a compression utility program by the individual developer Con Kolivas. A security vulnerability exists in lrzip version 0.641, which stems from a memory leak in nasmmalloc in its steam.c component...
CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...
AZL-10102 CVE-2022-32206 affecting package curl for versions less than 7.84.0-1
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...
CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...
ALPINE-CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...
CVE-2022-32206
CVE-2022-32206 affects curl
CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-179-01)
The version of curl installed on the remote host is prior to 7.84.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-179-01 advisory. - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the...
Internet Bug Bounty: CVE-2022-32206: HTTP compression denial of service
curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited...