81 matches found
cfme: rubygem-rubyzip denial of service via crafted ZIP file
A vulnerability in Rubyzip, versions prior to 1.3.0, allows a crafted ZIP file to bypass application checks on ZIP entry sizes. This allows an attacker to spoof data regarding the uncompressed size of the ZIP file, causing a denial of service due to disk consumption. Availability of the system is...
cfme: rubygem-rubyzip denial of service via crafted ZIP file
A vulnerability in Rubyzip, versions prior to 1.3.0, allows a crafted ZIP file to bypass application checks on ZIP entry sizes. This allows an attacker to spoof data regarding the uncompressed size of the ZIP file, causing a denial of service due to disk consumption. Availability of the system is...
[SECURITY] Fedora 29 Update: rubygem-rubyzip-1.1.7-10.fc29
A ruby module for reading and writing zip files...
[SECURITY] Fedora 30 Update: rubygem-rubyzip-1.1.7-10.fc30
A ruby module for reading and writing zip files...
[SECURITY] Fedora 31 Update: rubygem-rubyzip-1.1.7-10.fc31
A ruby module for reading and writing zip files...
Fedora Update for rubygem-rubyzip FEDORA-2019-52445dce42
The remote host is missing an update for the...
Fedora 29 : rubygem-rubyzip (2019-52445dce42)
Fix CVE-2019-16892 denial of service via crafted ZIP file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 30 : rubygem-rubyzip (2019-0182d0b304)
Fix CVE-2019-16892 denial of service via crafted ZIP file.
CVE-2019-16892
A vulnerability in Rubyzip, versions prior to 1.3.0, allows a crafted ZIP file to bypass application checks on ZIP entry sizes. This allows an attacker to spoof data regarding the uncompressed size of the ZIP file, causing a denial of service due to disk consumption. Availability of the system is...
Rubyzip denial of service
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)...
GHSA-5M2V-HC64-56H6 Rubyzip denial of service
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)...
Denial Of Service (DoS)
Rubyzip is vulnerable to denial of service (DoS) attacks. The zip file entry extract method does not check or limit the file size at the time of extraction, allowing attackers to provide malicious ZIP file entries (aka ZIP Bomb) with spoofed uncompressed sizes to consume disk space at the time of...
Rubyzip Resource Management Error Vulnerability
Rubyzip is a Ruby library for reading and writing zip files. Rubyzip is vulnerable to a resource management error. An attacker can exploit this vulnerability to cause a denial of service (disk consumption) with the help of specially crafted ZIP files...
CVE-2019-16892
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)...
DEBIAN-CVE-2019-16892
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)...
CVE-2019-16892
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)...
Authentication flaw
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)...
CVE-2019-16892
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)...
UBUNTU-CVE-2019-16892
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)...
CVE-2019-16892
CVE-2019-16892 in Rubyzip: A crafted ZIP can bypass ZIP-entry size checks because the uncompressed size data can be spoofed, enabling a denial of service via disk consumption. Affected: rubyzip before 1.3.0. Root cause: manipulated size metadata in ZIP entries. Impact: local DoS through excessive...