Lucene search
K

33 matches found

RedHat Linux
RedHat Linux
added 2026/01/05 1:26 a.m.2 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
OSV
OSV
added 2025/11/14 12:38 p.m.4 views

OESA-2025-2668 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS6.5AI score0.00509EPSS
Exploits0References2
OSV
OSV
added 2025/11/07 12:31 p.m.5 views

OESA-2025-2645 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS6.6AI score0.00509EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/31 12:30 a.m.15 views

Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation

Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References10Affected Software2
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2025-37237

Brotli is vulnerable to a denial of service DoS attack due to decompression...

7.5CVSS7.5AI score0.00509EPSS
Exploits0References6
NVD
NVD
added 2025/10/31 12:15 a.m.9 views

CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS0.00509EPSS
Exploits0References1
OSV
OSV
added 2025/10/31 12:15 a.m.4 views

UBUNTU-CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/10/31 12:0 a.m.6 views

CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.2AI score0.00509EPSS
Exploits0
CVE
CVE
added 2025/10/31 12:0 a.m.77 views

CVE-2025-6176

CVE-2025-6176 affects Scrapy up to 2.13.2 (and advisory notes extend to 2.13.3) due to a flaw in brotli decompression that can cause a DoS by extremely high compression ratios on zero-filled data, consuming memory and crashing clients with limited RAM. The DoS is remote via network interactions; ...

7.5CVSS6.2AI score0.00509EPSS
Exploits0References1
OSV
OSV
added 2025/06/23 10:41 p.m.5 views

GHSA-H7CP-R72F-JXH6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos

Summary This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512 All of those work correctly in Node.js, but this polyfill silently returns highly predictable ouput Under Node.js onl...

9.1CVSS6.3AI score0.00359EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/06/23 10:41 p.m.10 views

pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos

Summary This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512 All of those work correctly in Node.js, but this polyfill silently returns highly predictable ouput Under Node.js onl...

9.1CVSS7.1AI score0.00359EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/05/21 4:15 p.m.8 views

UBUNTU-CVE-2023-52861

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer of zeroes as the EDID information ...

6.2CVSS5.8AI score0.00248EPSS
Exploits0References7
OSV
OSV
added 2022/05/17 2:40 a.m.4 views

GHSA-R2PG-W96P-PCPJ ws-xmlrpc DoS Vulnerability

The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service resource consumption by decompressing a large file containing zeroes...

6.5CVSS6.7AI score0.0644EPSS
Exploits1References6
Rows per page
Query Builder