Lucene search
K

21 matches found

OSV
OSV
added 2026/06/29 11:10 a.m.7 views

BIT-LIBPYTHON-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.3 views

Astra Linux – Vulnerability in Ruby 3.1

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby, up to 3.2.1. The Time parser improperly handles invalid URLs that contain specific characters. This causes an increase in execution time when parsing strings into Time objects. The fixed versions are 0.1.1 and 0.2.2...

5.3CVSS7.1AI score0.02452EPSS
Exploits0References3
NVD
NVD
added 2026/01/27 7:16 p.m.6 views

CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS0.00401EPSS
Exploits0References3
OSV
OSV
added 2026/01/27 6:27 p.m.6 views

CVE-2026-22263 Suricata http1: quadratic complexity in headers parsing over multiple packets

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:27 p.m.8 views

CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/12/18 9:15 p.m.7 views

AZL-54446 CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00856EPSS
Exploits0References1
OSV
OSV
added 2024/12/18 9:15 p.m.8 views

AZL-54434 CVE-2024-45338 affecting package kube-vip-cloud-provider for versions less than 0.0.10-3

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00856EPSS
Exploits0References1
OSV
OSV
added 2024/12/18 9:15 p.m.10 views

AZL-54407 CVE-2024-45338 affecting package keda for versions less than 2.14.1-2

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00856EPSS
Exploits0References1
OSV
OSV
added 2024/12/18 9:15 p.m.7 views

AZL-54512 CVE-2024-45338 affecting package cri-tools for versions less than 1.29.0-6

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00856EPSS
Exploits0References1
OSV
OSV
added 2024/12/18 9:15 p.m.9 views

AZL-54546 CVE-2024-45338 affecting package containerd2 for versions less than 2.0.0-3

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00856EPSS
Exploits0References1
OSV
OSV
added 2024/12/18 9:15 p.m.7 views

AZL-54519 CVE-2024-45338 affecting package sriov-network-device-plugin for versions less than 3.6.2-7

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00856EPSS
Exploits0References1
OSV
OSV
added 2024/12/18 9:15 p.m.7 views

AZL-54413 CVE-2024-45338 affecting package helm for versions less than 3.15.2-2

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00856EPSS
Exploits0References1
OSV
OSV
added 2024/09/06 11:9 a.m.11 views

OESA-2024-2116 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

8.7CVSS7AI score0.02303EPSS
Exploits1References4
OSV
OSV
added 2024/09/06 11:9 a.m.10 views

OESA-2024-2118 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

8.7CVSS7AI score0.02303EPSS
Exploits1References4
OSV
OSV
added 2024/09/06 11:9 a.m.11 views

OESA-2024-2117 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

8.7CVSS7AI score0.02303EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/05/30 1:22 p.m.8 views

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

5.3CVSS7.5AI score0.02637EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/04/01 1:31 a.m.8 views

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

5.3CVSS7.5AI score0.02452EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/04/01 1:31 a.m.7 views

rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...

5.3CVSS7.5AI score0.02637EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/24 8:59 a.m.4 views

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

5.3CVSS7.3AI score0.02637EPSS
Exploits0References5
Snyk
Snyk
added 2023/03/31 6:53 a.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS such that the parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. Details Denial of Service DoS describes ...

6.5CVSS6.9AI score0.02452EPSS
Exploits0References2
Rows per page
Query Builder