17 matches found
CVE-2026-42477
A heap-based out-of-bounds read vulnerability in RWObjReader::read in the OBJ file parser in Open CASCADE Technology OCCT V800rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because...
Excessive CPU consumption in Reader.ReadResponse in net/textproto
...
Medium: containerd
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...
golang: compress/gzip: stack exhaustion in Reader.Read
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion...
SUSE CVE-2022-2879
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
golang: compress/gzip: stack exhaustion in Reader.Read
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion...
EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-2710)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In filepath.Clean in path/filepath in Go before 1.17.11 and 1.18.x before 1.18.3 on Windows, invalid paths such as .\c: could be converted to...
AZL-41765 CVE-2022-2879 affecting package ig for versions less than 0.29.0-1
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
AZL-37526 CVE-2022-2879 affecting package golang for versions less than 1.21.6-1
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
DEBIAN-CVE-2022-2879
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
AZL-11128 CVE-2022-2879 affecting package golang for versions less than 1.19.10-1
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
UBUNTU-CVE-2022-2879
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Allocation of Resources Without Limits or Throttling
Overview std/archive/tar is a Go standard library package std/archive/tar Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: via the Reader.Read function. An attacker can cause excessive memory allocation and trigger...
golang: compress/gzip: stack exhaustion in Reader.Read
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion...
AZL-79092 CVE-2022-30631 affecting package golang 1.25.7-1
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
PT-2022-4638 · Go +9 · Compress/Gzip +9
Name of the Vulnerable Software and Affected Versions: compress/gzip versions prior to 1.17.12 compress/gzip versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in the Reader.Read function of the compress/gzip package in the Go programming language. This can be...