33 matches found
Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS
Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...
OESA-2025-2668 brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
OESA-2025-2645 brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
EUVD-2025-37237
Brotli is vulnerable to a denial of service DoS attack due to decompression...
CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
UBUNTU-CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
CVE-2025-6176
CVE-2025-6176 affects Scrapy up to 2.13.2 (and advisory notes extend to 2.13.3) due to a flaw in brotli decompression that can cause a DoS by extremely high compression ratios on zero-filled data, consuming memory and crashing clients with limited RAM. The DoS is remote via network interactions; ...
GHSA-H7CP-R72F-JXH6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Summary This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512 All of those work correctly in Node.js, but this polyfill silently returns highly predictable ouput Under Node.js onl...
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Summary This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512 All of those work correctly in Node.js, but this polyfill silently returns highly predictable ouput Under Node.js onl...
UBUNTU-CVE-2023-52861
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer of zeroes as the EDID information ...
GHSA-R2PG-W96P-PCPJ ws-xmlrpc DoS Vulnerability
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service resource consumption by decompressing a large file containing zeroes...