
10 matches found

OSV
added 2026/05/19 5:57 p.m., 12 views

CLSA-2026-1779213441 python3.11: Fix of 11 CVEs

CVE-2026-4224: avoid unbound C recursion in convcontentmodel in pyexpat - CVE-2026-3644: reject control characters in http.cookies.Morsel.update - CVE-2026-0672: reject control characters in http.cookies.Morsel - CVE-2025-8291: check consistency of zip64 end of central directory record -...

CVSS 7.5, AI score 6.8, EPSS 0.00744
Exploits: 0, References: 1
SUSE Linux
added 2025/12/10 5:18 p.m., 4 views

Security update for python310

This update for python310 fixes the following issues: Update to 3.10.19: CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars. bsc1252974 CVE-2025-8291: Check the validity of the ZIP64 End of Central Directory (EOCD). bsc1251305 Patch Instructions: To install this SUS...

CVSS 4.8, AI score 7, EPSS 0.00345
Exploits: 0, References: 8
OSV
added 2025/10/14 9:30 a.m., 6 views

BIT-PYTHON-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value, and that value would not be used to locate the ZIP64 EOCD record; instead, the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

CVSS 4.3, AI score 6.8, EPSS 0.00345
Exploits: 0, References: 13
Microsoft CVE
added 2025/10/10 8:02 a.m., 3 views

ZIP64 End of Central Directory (EOCD) Locator record offset not checked

...

CVSS 4.3, AI score 7, EPSS 0.00345
Exploits: 0
OSV
added 2025/10/07 6:16 p.m., 2 views

DEBIAN-CVE-2025-8291

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value, and that value would not be used to locate the ZIP64 EOCD record; instead, the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

CVSS 4.3, AI score 5.9, EPSS 0.00345
Exploits: 0, References: 1
Debian CVE
added 2025/10/07 6:10 p.m., 3 views

CVE-2025-8291

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value, and that value would not be used to locate the ZIP64 EOCD record; instead, the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

CVSS 4.3, AI score 5.9, EPSS 0.00345
Exploits: 0
OSV
added 2018/01/12 2:29 p.m., 5 views

CVE-2017-2158

Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may cause unintended contents to be extracted from a specially crafted ZIP64 archive...

CVSS 3.3, AI score 5.7, EPSS 0.00634
Exploits: 0, References: 2
CNVD
added 2018/01/12 12:00 a.m., 2 views

Lhaplus Improper Authentication Vulnerability

Lhaplus is a set of file compression and decompression software. A security vulnerability exists in Lhaplus 1.73 and earlier versions that stems from the program's failure to properly handle ZIP64 archives. The vulnerability can be exploited by an attacker to obtain information from specially...

CVSS 4.3, AI score 6.5, EPSS 0.00634
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2018/01/11 5:18 a.m., 3 views

Lhaplus vulnerable to improper verification when expanding ZIP64 archives

Overview: Lhaplus is file compression/decompression software. Lhaplus does not treat ZIP64 archives properly when expanding. Koji Ando of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An...

CVSS 4.3, AI score 6.4, EPSS 0.00634
Exploits: 0, References: 5
RedHat Linux
added 2015/03/18 6:58 p.m., 3 views

unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)

A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed...

CVSS 7.8, AI score 7.5, EPSS 0.07448
Exploits: 0, References: 5