Lucene search
+L

51 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-55206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 9:16 p.m.2 views

DEBIAN-CVE-2026-55195

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 9:16 p.m.2 views

DEBIAN-CVE-2026-55206

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 9:16 p.m.8 views

CVE-2026-55195

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS0.00321EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 8:32 p.m.33 views

CVE-2026-55206 py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...

8.7CVSS0.00321EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 8:32 p.m.22 views

CVE-2026-55206

CVE-2026-55206 (py7zr) affects the Python-based 7z library py7zr. The root cause is an O(n^2) cumulative-sum implementation in PackInfo._read() (archiveinfo.py) that parses attacker-controlled numstreams from archive headers. This causes excessive CPU usage during SevenZipFile.init() before extra...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 8:30 p.m.34 views

CVE-2026-55195 py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS0.00321EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 8:30 p.m.25 views

CVE-2026-55195

CVE-2026-55195 affects the py7zr Python library (pre-1.1.3) where Worker.decompress() did not track the total decompressed size. A crafted 7z archive (e.g., 15.6 KB) could expand to ~100 MB, causing disk and memory exhaustion during extraction. This is a denial-of-service risk. The issue is fixed...

8.7CVSS6AI score0.00321EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 8:30 p.m.6 views

CVE-2026-55195 py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

openSUSE 16 Security Update : python-py7zr (openSUSE-SU-2026:21159-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21159-1 advisory. Changes in python-py7zr: - CVE-2026-23879: crafted malicious symbolic link chains in an archive can lead to an arbitrary file write bsc1268669 -...

8.7CVSS6.2AI score0.00404EPSS
Exploits0References9
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.5 views

Security update for python-py7zr (important)

openSUSE security update: security update for python-py7zr ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21159-1 Rating: important References: bsc1268665 bsc1268666 bsc1268669 Cross-References: CVE-2026-23879 CVE-2026-55195 CVE-2026-55206 Affected...

8.7CVSS5.9AI score0.00404EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/27 12:0 a.m.6 views

python311-py7zr-1.1.3-1.1 on GA media (moderate)

python311-py7zr-1.1.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:11112-1 Rating: moderate Cross-References: CVE-2026-23879 CVE-2026-55195 CVE-2026-55206 Affected Products: openSUSE Tumbleweed An update that solves 3 vulnerabilities can now be installed. Description: These are all security...

8.7CVSS5.8AI score0.00404EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/25 2:9 a.m.15 views

CVE-2026-23879

A flaw was found in py7zr. An attacker can craft a malicious archive containing symbolic links that, when extracted, can lead to arbitrary file writes outside the intended directory. This vulnerability may allow for remote code execution, privilege escalation, data corruption, or denial of servic...

8CVSS6.1AI score0.00404EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 8:16 p.m.9 views

CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS0.00404EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:16 p.m.4 views

DEBIAN-CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.1AI score0.00404EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 8:16 p.m.3 views

UBUNTU-CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.1AI score0.00404EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 7:17 p.m.22 views

CVE-2026-23879

CVE-2026-23879 relates to py7zr, a Python library for 7z archives. Versions ≤1.1.2 contain an arbitrary file write vulnerability in extractall, where crafted symbolic link chains can bypass destination-directory checks and re-create links to arbitrary system paths. This allows writing files via s...

8CVSS6.2AI score0.00404EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 7:17 p.m.19 views

CVE-2026-23879 py7zr: Arbitrary File Write Vulnerability

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS0.00404EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 7:17 p.m.2 views

CVE-2026-23879 py7zr: Arbitrary File Write Vulnerability

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.3AI score0.00404EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 12:0 a.m.3 views

OPENSUSE-SU-2026:11112-1 python311-py7zr-1.1.3-1.1 on GA media

These are all security issues fixed in the python311-py7zr-1.1.3-1.1 package on the GA media of openSUSE Tumbleweed...

8.7CVSS5.9AI score0.00404EPSS
Exploits0References3
Rows per page
Query Builder