Lucene search
K

12 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:37 p.m.10 views

Security Bulletin:urllib3 Unbounded Decompression Chain Enables Denial of Service

Summary urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massiv...

8.9CVSS6.9AI score0.00622EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/16 11:26 a.m.8 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/02 3:25 p.m.8 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/02 10:57 a.m.4 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/02 10:53 a.m.7 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/27 9:32 a.m.5 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/26 12:44 p.m.5 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00622EPSS
Exploits0References6
Veracode
Veracode
added 2025/12/13 7:33 a.m.7 views

Denial Of Service (DoS)

urllib3 is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to an unbounded decompression chain, where nested compression layers are not limited, allowing a malicious server to send specially crafted responses that trigger excessive CPU usage and large memory allocation during...

8.9CVSS7.4AI score0.00622EPSS
Exploits0References2Affected Software2
SUSE CVE
SUSE CVE
added 2025/12/12 12:24 a.m.0 views

SUSE CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

5.3CVSS6.8AI score0.00622EPSS
Exploits0References22
OSV
OSV
added 2023/02/23 8:15 p.m.3 views

ALPINE-CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

6.5CVSS6.9AI score0.01703EPSS
Exploits1References1
OSV
OSV
added 2022/07/08 11:3 a.m.4 views

OESA-2022-1744 curl security update

Security Fixes: A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client.CVE-2022-3220...

9.8CVSS6.6AI score0.3197EPSS
Exploits4References5
OSV
OSV
added 2022/07/07 1:15 p.m.1 views

DEBIAN-CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5CVSS7AI score0.3197EPSS
Exploits1References1
Rows per page
Query Builder