Lucene search
K

237 matches found

Fedora
Fedora
added 2026/07/08 1:11 a.m.15 views

[SECURITY] Fedora 43 Update: python-fastar-0.11.0-7.fc43

The fastar library wraps the Rust tar, flate2, and zstd crates, providing a high-performance way to work with compressed and uncompressed tar archives in Python...

6AI score
Exploits0
Fedora
Fedora
added 2026/07/08 12:58 a.m.11 views

[SECURITY] Fedora 44 Update: python-fastar-0.11.0-7.fc44

The fastar library wraps the Rust tar, flate2, and zstd crates, providing a high-performance way to work with compressed and uncompressed tar archives in Python...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/02 6:1 p.m.6 views

CVE-2026-48044

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted, highly compressed zstd payload to an Envoy proxy with zstd decompression enabled. This can lead to massive memory allocation, causing severe memory...

7.5CVSS5.7AI score0.00486EPSS
Exploits1References4
NVD
NVD
added 2026/06/26 6:16 p.m.10 views

CVE-2026-48044

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS0.00486EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:31 p.m.7 views

CVE-2026-48044

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/26 5:31 p.m.18 views

CVE-2026-48044

Summary: CVE-2026-48044 affects Envoy’s zstd decompressor (ZstdDecompressorImpl). From 1.23.0 through 1.35.11, 1.36.7, 1.37.3, and 1.38.1, specially crafted, highly compressed zstd payloads can trigger massive memory allocation when decompression is enabled, potentially causing memory exhaustion ...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 5:31 p.m.37 views

CVE-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS0.00486EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 5:31 p.m.8 views

EUVD-2026-39820

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References1
OSV
OSV
added 2026/06/26 5:31 p.m.4 views

CVE-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48688

Name of the Vulnerable Software and Affected Versions netty-codec-http2 versions prior to 4.1.135.Final netty-codec-http2 versions prior to 4.2.15.Final Description The DelegatingDecompressorFrameListener class manages HTTP/2 decompression by using a per-stream EmbeddedChannel to run decompressio...

7.5CVSS5.3AI score0.00594EPSS
Exploits0References62
RedHat Linux
RedHat Linux
added 2026/06/07 1:5 a.m.7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-urllib3: python3-urllib3+brotli-2.7.0-3.hum1 noarch python3-urllib3+h2-2.7.0-3.hum1 noarch python3-urllib3+socks-2.7.0-3.hum1 noarch python3-urllib3+zstd-2.7.0-3.hum1 noarch...

8.9CVSS5AI score0.0068EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Avoid infinite loops due to incomplete zstd-compressed data. Currently, the decompression logic incorrectly processes compressed data if the data is truncated in crafted deliberately corrupted images...

6.1AI score0.00166EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libzstd

A vulnerability was discovered in zstd v1.4.10, where an attacker can provide an empty string as an argument to the command-line tool, causing a buffer overflow...

7.5CVSS7.1AI score0.01588EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd – fix double-free in per-CPU stream cleanup The crypto/zstd module contains a double-free bug that occurs when multiple tfms are allocated and freed. The issue arises because the zstdstreams per-CPU contexts are free...

5.2AI score0.00169EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 7:17 p.m.3 views

DEBIAN-CVE-2026-42587

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate...

7.5CVSS5.9AI score0.00887EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 7:17 p.m.12 views

CVE-2026-42587

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate...

7.5CVSS0.00887EPSS
Exploits1References11
CVE
CVE
added 2026/05/13 6:22 p.m.82 views

CVE-2026-42587

Netty CVE-2026-42587 affects HttpContentDecompressor and DelegatingDecompressorFrameListener. Before 4.2.13.Final and 4.1.133.Final, maxAllocation is enforced for gzip/deflate but ignored for br, zstd, or snappy, allowing an attacker to bypass the decompression limit via Content-Encoding: br and ...

7.5CVSS5.9AI score0.00887EPSS
Exploits1References11Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-39177

Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were tricked into manipulating a specially crafted .deb archive, a remote attacker could possibly use this issue to cause dpkg-deb to stop responding,...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-14031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sereal::Encoder versions from 4.000 through 4.009002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the...

8.1CVSS7.3AI score0.01424EPSS
Exploits0References2
Fedora
Fedora
added 2026/03/29 1:8 a.m.10 views

[SECURITY] Fedora 42 Update: python-fastar-0.8.0-4.fc42

The fastar library wraps the Rust tar, flate2, and zstd crates, providing a high-performance way to work with compressed and uncompressed tar archives in Python...

6.5CVSS5.9AI score0.00379EPSS
Exploits1
Rows per page
Query Builder