45 matches found
UBUNTU-CVE-2026-45822
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...
CVE-2025-66382
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to slow parsing in golang.org/x/net/proxy [CVE-2024-45338]
Summary IBM Watson Speech Services Cartridge is vulnerable to slow parsing in golang.org/x/net/proxy, due to non-linearly parsing of input with respect to its length CVE-2024-45338 . Golang is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...
EUVD-2024-3617
Malicious code in bioql PyPI...
Medium: soci-snapshotter
Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: soci-snapshotter Note: This advisory is applicable to...
Medium: runfinch-finch
Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 golang-jwt is a Go implementation of JSON Web Tokens. Unclear...
CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins (CVE-2024-45338)
The version of application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45338 advisory. - An attacker can craft an input t...
CVE-2024-45338
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service...
SUSE CVE-2024-45338
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54422 CVE-2024-45338 affecting package telegraf for versions less than 1.31.0-4
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54567 CVE-2024-45338 affecting package cri-o for versions less than 1.22.3-9
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54464 CVE-2024-45338 affecting package sriov-network-device-plugin for versions less than 3.7.0-2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54500 CVE-2024-45338 affecting package kubernetes for versions less than 1.28.4-14
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54534 CVE-2024-45338 affecting package helm for versions less than 3.14.2-5
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54398 CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.12.0-2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54555 CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-24
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54467 CVE-2024-45338 affecting package cni for versions less than 1.1.2-4
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
CVE-2024-45338
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54425 CVE-2024-45338 affecting package kubernetes for versions less than 1.30.3-2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54527 CVE-2024-45338 affecting package containerized-data-importer for versions less than 1.55.0-22
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...