Lucene search
K

116 matches found

OSV
OSV
added 2024/03/19 4:15 p.m.5 views

AZL-36894 CVE-2024-0450 affecting package python3 for versions less than 3.9.19-1

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.7AI score0.00336EPSS
Exploits0References1
OSV
OSV
added 2024/03/19 4:15 p.m.3 views

ALPINE-CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.7AI score0.00336EPSS
Exploits0References1
OSV
OSV
added 2024/03/19 4:15 p.m.2 views

DEBIAN-CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.9AI score0.00336EPSS
Exploits0References1
NVD
NVD
added 2024/03/19 4:15 p.m.24 views

CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.4AI score0.00336EPSS
Exploits0References18
OSV
OSV
added 2024/03/19 3:12 p.m.29 views

CVE-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.7AI score0.00336EPSS
Exploits0References21
Cvelist
Cvelist
added 2024/03/19 3:12 p.m.23 views

CVE-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.7AI score0.00336EPSS
Exploits0References15
OSV
OSV
added 2024/03/19 3:12 p.m.21 views

PSF-2024-2

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS7AI score0.00336EPSS
Exploits0References15
AlpineLinux
AlpineLinux
added 2024/03/19 3:12 p.m.31 views

CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS7.2AI score0.00336EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.6 views

SUSE CVE-2020-25866

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed not uncompressed messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs...

4.3CVSS7.7AI score0.03938EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.3 views

SUSE CVE-2022-23951

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...

5.5CVSS7AI score0.00415EPSS
Exploits1References3
NVD
NVD
added 2022/09/21 7:15 p.m.15 views

CVE-2022-23951

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...

5.5CVSS0.00415EPSS
Exploits1References3
Prion
Prion
added 2022/09/21 7:15 p.m.13 views

Design/Logic Flaw

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...

1.9CVSS6.5AI score0.00415EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/09/21 7:15 p.m.28 views

CVE-2022-23951

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...

5.5CVSS6.8AI score0.00415EPSS
Exploits1References4
CVE
CVE
added 2022/09/21 6:25 p.m.69 views

CVE-2022-23951

Keylime before 6.3.0 is affected: the agent’s quote responses may contain untrusted ZIP data, enabling zip bomb scenarios. Concrete details across sources confirm the vulnerable component/version and the impact (zip bombs) and advise upgrading to 6.3.0+ as the remediation. Open-source advisories ...

5.5CVSS7.2AI score0.00415EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/09/21 6:25 p.m.17 views

CVE-2022-23951

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...

7.6AI score0.00415EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/09/21 6:25 p.m.6 views

CVE-2022-23951

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...

5.4AI score0.00415EPSS
Exploits1References3
OSV
OSV
added 2022/09/21 6:25 p.m.14 views

CVE-2022-23951

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...

5.5CVSS6.8AI score0.00415EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.1 views

PT-2022-16362 · Keylime · Keylime

Name of the Vulnerable Software and Affected Versions: Keylime versions prior to 6.3.0 Description: The issue concerns quote responses from the agent that can contain possibly untrusted ZIP data, leading to zip bombs. Recommendations: For versions prior to 6.3.0, update to version 6.3.0 or later ...

5.5CVSS6.3AI score0.00415EPSS
Exploits1References7
OSV
OSV
added 2022/09/14 6:15 p.m.4 views

DEBIAN-CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

6.5CVSS7.3AI score0.00822EPSS
Exploits0References1
OSV
OSV
added 2022/09/14 6:15 p.m.6 views

UBUNTU-CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

6.5CVSS6.4AI score0.00822EPSS
Exploits0References4
Rows per page
Query Builder