12 matches found
EUVD-2026-31775
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker-controlled entry size field in tar header. _read_tar reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...
Medium: soci-snapshotter
Issue Overview: Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
Medium: ecs-init
Issue Overview: Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
Important: nerdctl
Issue Overview: Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
Important: docker
Issue Overview: Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access Digital Credentials (CVE-2025-56200, CVE-2025-64118, CVE-2025-59343)
Summary: Security vulnerabilities have been addressed in IBM Verify Identity Access Digital Credentials. Vulnerability Details: CVEID: CVE-2025-56200. DESCRIPTION: A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to par...
Linux Distros Unpatched Vulnerability : CVE-2025-64118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with sync: true to read tar entry contents returns uninitialized memory contents if tar file was...
TencentOS Server 3: nodejs:18 (TSSA-2024:0766)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0766 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
SUSE CVE-2021-20193
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability...
AZL-44490 CVE-2021-35517 affecting package apache-commons-compress 1.19-3
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package...
PT-2021-2811 · Gnu +5 · Tar +5
Name of the Vulnerable Software and Affected Versions: tar versions 1.33 and earlier. Description: A flaw in the src/list.c of tar allows an attacker who can submit a crafted input file to cause uncontrolled consumption of memory, potentially leading to system availability issues. The vulnerabilit...
USN-2981-1 libarchive vulnerabilities
It was discovered that libarchive incorrectly handled certain entry-size values in ZIP archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and...