Lucene search
K

7 matches found

OSV
OSV
added 2026/02/05 3:20 a.m.6 views

GO-2026-4406 apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams in chainguard.dev/apko

apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams in chainguard.dev/apko...

5.5CVSS5.3AI score0.00106EPSS
Exploits0References3
OSV
OSV
added 2026/02/04 7:2 p.m.7 views

CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

5.5CVSS5.3AI score0.00106EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/04 7:2 p.m.30 views

CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

5.5CVSS0.00106EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/20 8:50 p.m.12 views

CVE-2024-52581 Litestar allows unbounded resource consumption (DoS vulnerability)

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to...

8.2CVSS6.4AI score0.00756EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/06/07 5:11 p.m.9 views

CVE-2023-34109 User input results in Unbounded resource consumption in @zxcvbn-ts/core

zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...

6.5CVSS7.5AI score0.00496EPSS
Exploits0References2
Veracode
Veracode
added 2022/08/02 4:6 a.m.24 views

Denial Of Service (DoS)

openzeppelin is vulnerable to denial of service DoS attacks. A malicious user is able to use a target contract of an EIP-165 supportsInterface query to cause unbounded resource consumption by returning a lot of data, causing the application to crash...

5.3CVSS5.2AI score0.00657EPSS
Exploits0References3Affected Software6
Prion
Prion
added 2018/08/09 7:29 p.m.17 views

Design/Logic Flaw

It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could...

7.1CVSS6.2AI score0.01185EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder