11 matches found
Amazon Linux 2 : perl-IO-Compress, --advisory ALAS2-2026-3355 (ALAS-2026-3355)
The version of perl-IO-Compress installed on the remote host is prior to 2.061-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3355 advisory. IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward...
CVE-2025-15649
A flaw was found in perl-IO-Compress. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted zip file. The IO::Uncompress::Unzip module, which is part of perl-IO-Compress, does not properly handle malformed date information within a zip file'...
CVE-2025-15649
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...
EUVD-2026-32043
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...
CVE-2026-48959
CVE-2026-48959 affects IO::Uncompress::Unzip for Perl prior to 2.220. The issue is a per-byte read loop in fastForward that mis-compares the offset length to the chunk size, causing CPU exhaustion as it iterates from 16 KiB down to 1–19 bytes per step. Reading a named entry from an attacker-suppl...
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
CVE-2025-15649
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
PT-2026-43486
Name of the Vulnerable Software and Affected Versions IO::Uncompress::Unzip versions prior to 2.220 Description An issue in the fastForward function allows CPU exhaustion. The function compares the length of the $offset variable the digit count of the offset, ranging from 1 to 19 against the chun...
Linux Distros Unpatched Vulnerability : CVE-2025-15649
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the...
Unzip 安全漏洞
Unzip is a Golang.zip decompression tool developed by Yige’s developers. Versions of Unzip prior to 2.215 contained security vulnerabilities. These vulnerabilities stemmed from failing to catch exceptions when parsing zip headers with incorrect DOS date formats. As a result, an exception was thro...