Filtered by CWE-409
Filtered by vendor Subscriptions
Total 15 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43499 4 Apple, Linux, Microsoft and 1 more 6 Macos, Linux Kernel, .net and 3 more 2024-12-20 7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-54682 2024-12-16 6.5 Medium
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin.
CVE-2024-1947 1 Gitlab 1 Gitlab 2024-12-13 4.3 Medium
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.
CVE-2024-3572 2024-11-21 N/A
The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.
CVE-2024-28180 1 Redhat 12 Acm, Advanced Cluster Security, Container Native Virtualization and 9 more 2024-11-21 4.3 Medium
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28101 2024-11-21 7.5 High
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. Router version 1.40.2 has a fix for the vulnerability. Those who are unable to upgrade may be able to implement mitigations at proxies or load balancers positioned in front of their Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size.
CVE-2023-26483 1 Gosaml2 Project 1 Gosaml2 2024-11-21 5.3 Medium
gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed. The maximum compression ratio achievable with `deflate` is 1032:1, so by limiting the size of bodies passed to gosaml2, limiting the rate and concurrency of calls, and ensuring that lots of memory is available to the process it _may_ be possible to help Go's garbage collector "keep up". Implementors are encouraged not to rely on this. This issue is fixed in version 0.9.0.
CVE-2023-0821 1 Hashicorp 1 Nomad 2024-11-21 6.5 Medium
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
CVE-2023-0475 2 Hashicorp, Redhat 3 Go-getter, Openshift, Openshift Security Profiles Operator Stable 2024-11-21 4.2 Medium
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.
CVE-2022-37439 1 Splunk 2 Splunk, Universal Forwarder 2024-11-21 5.5 Medium
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.
CVE-2022-29225 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 7.5 High
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression.
CVE-2019-9674 3 Canonical, Netapp, Python 3 Ubuntu Linux, Active Iq Unified Manager, Python 2024-11-21 7.5 High
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
CVE-2017-16129 1 Superagent Project 1 Superagent 2024-11-21 N/A
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
CVE-2016-5004 1 Apache 1 Ws-xmlrpc 2024-11-21 N/A
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
CVE-2010-0205 8 Apple, Canonical, Debian and 5 more 8 Mac Os X, Ubuntu Linux, Debian Linux and 5 more 2024-11-21 N/A
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.