Lucene search
K

151 matches found

IBM Security Bulletins
IBM Security Bulletins
added yesterday4 views

Security Bulletin: Vulnerability in undici bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the undici library, which is affected by a denial of service vulnerability. CVE-2026-22036 Vulnerability Details CVEID:CVE-2026-22036 DESCRIPTION: Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0,...

7.5CVSS6.7AI score0.00433EPSS
Exploits0Affected Software2
EUVD
EUVD
added 4 days ago16 views

EUVD-2026-34015

Tesla has decompression bomb on response body...

8.2CVSS5.9AI score0.00329EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-59939

A flaw was found in httplib2, a Python HTTP client library. This vulnerability allows a malicious or compromised HTTP server to send a small compressed data payload that, when decompressed by httplib2, expands to an extremely large size in memory. This unbounded decompression can lead to a Denial...

7.5CVSS5.8AI score0.00339EPSS
Exploits1References6
NVD
NVD
added 6 days ago5 views

CVE-2026-59939

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS0.00339EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS0.00408EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42372

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS6AI score0.00408EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-59939 httplib2: Decompression Bomb Denial of Service via Unbounded gzip/deflate Response Handling

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS0.00339EPSS
Exploits1References3
CVE
CVE
added 6 days ago7 views

CVE-2026-59939

The CVE-2026-59939 affects the Python httplib2 library prior to 0.32.0. The root cause is unbounded decompression of HTTP response bodies encoded with gzip or deflate in _decompressContent, allowing a malicious server to send a small compressed payload that expands to very large in-memory size, l...

7.5CVSS6AI score0.00339EPSS
Exploits1References3Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS0.00358EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56493

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.19 Description Insufficient enforcement of hard upper bounds on total decompressed data, entry counts, or decompression ratio within extraction and parsing paths, such as src/extract.ts, allows a crafted gzip bom...

9.2CVSS6.1AI score0.00358EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56548

Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.32.0 Description An issue exists where the library performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate within the decompressContent function in httplib2/init.py. ...

7.5CVSS6.1AI score0.00339EPSS
Exploits1References10
OSV
OSV
added last week4 views

PYSEC-2026-1202 Authlib : JWE zip=DEF decompression bomb enables DoS

Summary Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details - Affected component...

6.5CVSS6AI score0.00418EPSS
Exploits1References7
OSV
OSV
added last week5 views

GO-2026-5778 Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor

Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/25 9:33 p.m.3 views

GHSA-47Q9-M4WW-924M Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic

Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses the signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. The existing maxapkmetadatasize check default 1MB is only applied to individual tar entry...

7.5CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52645

Name of the Vulnerable Software and Affected Versions hauler versions prior to 2.0.1-1.1 Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. This...

7.5CVSS5.8AI score
Exploits0References6
CVE
CVE
added 2026/06/15 9:55 p.m.63 views

CVE-2026-53430

CVE-2026-53430 describes a DoS in elixir-grpc GRPC.Compressor.Gzip.decompress/1 where :zlib.gunzip/1 is called directly on attacker-controlled input without a decompressed-size limit, enabling a gzip decompression bomb. The registered gzip GRPC.Compressor runs automatically for frames with grpc-e...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 9:55 p.m.9 views

EEF-CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1

Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex,...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

EulerOS Virtualization 2.12.1 : python-pip (EulerOS-SA-2026-2086)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in...

8.9CVSS5.6AI score0.02667EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.14 views

CVE-2026-48594

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2CVSS5.8AI score0.00329EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 8:16 p.m.14 views

CVE-2026-48594

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2CVSS0.00329EPSS
Exploits0References4
Rows per page
Query Builder