AZL-47020 CVE-2024-6874 affecting package curl for versions less than 8.8.0-1

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

ALPINE-CVE-2017-14919

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service uncaught exception and crash by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...