11 matches found
Allocation Of Resources Without Limits
github.com/ulikunitz/xz is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to denial of service due to improper header validation that allows arbitrary data to be prepended to an LZMA stream, causing the implementation to allocate a full decode buffer and consume...
GO-2025-3922 Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz
Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz...
Fedora: Security Advisory for golang-github-ulikunitz-xz (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-github-ulikunitz-xz (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-ulikunitz-xz (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.8.0 Images
Red Hat OpenShift Virtualization release 4.8.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...
CVE-2021-29482
A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop what could lead to denial of service DoS...
CVE-2021-29482 denial of service in github.com/ulikunitz/xz
xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...
Fedora: Security Advisory for golang-github-ulikunitz-xz (FEDORA-2020-deff052e7a)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-ulikunitz-xz (FEDORA-2020-e384830a0d)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : golang-github-ulikunitz-xz (2020-e384830a0d)
The readUvarint function would run infinitely given specific input. The function is now terminating if more than 10 bytes of input have been read. Fixes issue 35 CVE-2020-16845. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...