Lucene search
K

126 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.12 views

Amazon Linux 2023 : perl-IO-Compress, perl-IO-Compress-tests (ALAS2023-2026-1825)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1825 advisory. IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19...

7.8CVSS5.9AI score0.00373EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : perl-IO-Compress, --advisory ALAS2-2026-3355 (ALAS-2026-3355)

The version of perl-IO-Compress installed on the remote host is prior to 2.061-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3355 advisory. IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward...

7.8CVSS6.3AI score0.00373EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 a.m.16 views

CVE-2025-15649

A flaw was found in perl-IO-Compress. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted zip file. The IO::Uncompress::Unzip module, which is part of perl-IO-Compress, does not properly handle malformed date information within a zip file'...

6.5CVSS5AI score0.00127EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/27 12:28 p.m.13 views

CVE-2026-45843

A flaw was found in the Linux kernel's Serial Line Internet Protocol SLIP implementation. The slhcuncompress function, which handles VJ-compressed TCP headers, fails to perform proper bounds checks during packet processing. A remote attacker could exploit this by sending a specially crafted...

8.2CVSS5.8AI score0.00278EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 9:24 a.m.25 views

EUVD-2026-32169

In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...

5.8AI score0.00278EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 4:16 a.m.21 views

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

7.5CVSS0.00373EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/27 4:16 a.m.16 views

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References6
CVE
CVE
added 2026/05/27 2:29 a.m.83 views

CVE-2026-48959

CVE-2026-48959 affects IO::Uncompress::Unzip for Perl prior to 2.220. The issue is a per-byte read loop in fastForward that mis-compares the offset length to the chunk size, causing CPU exhaustion as it iterates from 16 KiB down to 1–19 bytes per step. Reading a named entry from an attacker-suppl...

7.5CVSS5.7AI score0.00373EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 2:29 a.m.15 views

EUVD-2026-32043

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

5.7AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 2:29 a.m.87 views

CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 2:25 a.m.85 views

CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

0.00127EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/27 2:25 a.m.8 views

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43486

Name of the Vulnerable Software and Affected Versions IO::Uncompress::Unzip versions prior to 2.220 Description An issue in the fastForward function allows CPU exhaustion. The function compares the length of the $offset variable the digit count of the offset, ranging from 1 to 19 against the chun...

7.5CVSS5.4AI score0.00373EPSS
Exploits0References19
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Unzip 安全漏洞

Unzip is a Golang.zip decompression tool developed by Yige’s developers. Versions of Unzip prior to 2.215 contained security vulnerabilities. These vulnerabilities stemmed from failing to catch exceptions when parsing zip headers with incorrect DOS date formats. As a result, an exception was thro...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2025-15649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the...

5.5CVSS5.4AI score0.00127EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libarchive

In libarchive versions 3.4.1 through 3.5.1, there is a use-after-free in the copystring function called from douncompressblock and processblock...

6.5CVSS7AI score0.02845EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in connman

ConnMan also known as Connection Manager versions 1.30 to 1.39 have a stack-based buffer overflow issue in the uncompress function of dnsproxy.c, occurring due to the use of NAME, RDATA, or RDLENGTH fields for the A or AAAA records...

9.8CVSS8.8AI score0.02863EPSS
Exploits1References1
OSV
OSV
added 2026/05/02 12:17 a.m.21 views

OSV-2026-664 Heap-buffer-overflow in DwaCompressor_uncompress

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=508362159 Crash type: Heap-buffer-overflow WRITE Crash state: DwaCompressoruncompress internalexrundodwaa exruncompresschunk...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/21 12:16 a.m.7 views

OSV-2026-605 Heap-buffer-overflow in DwaCompressor_uncompress

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504280155 Crash type: Heap-buffer-overflow WRITE Crash state: DwaCompressoruncompress internalexrundodwaa exruncompresschunk...

5.3AI score
Exploits0References1
Snyk
Snyk
added 2026/04/03 9:47 p.m.2 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the uncompressb44impl file. An attacker can cause an out-of-bounds write by supplying a specially crafted B44 or B44A EXR file that triggers an integer overflow, resulting in memory corruption or application...

8.4CVSS5.9AI score0.00244EPSS
Exploits1References3
Rows per page
Query Builder