CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
CVE-2017-16129 (GCVE-0-2017-16129)
Vulnerability from cvelistv5 – Published: 2018-06-07 02:00 – Updated: 2024-09-16 19:04
VLAI?
Summary
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
Severity ?
No CVSS data available.
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HackerOne | superagent node module |
Affected:
<3.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:13:07.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/479"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/visionmedia/superagent/issues/1259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "superagent node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "\u003c3.7.0"
}
]
}
],
"datePublic": "2018-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T01:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/479"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/visionmedia/superagent/issues/1259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "superagent node module",
"version": {
"version_data": [
{
"version_value": "\u003c3.7.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/479",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/479"
},
{
"name": "https://github.com/visionmedia/superagent/issues/1259",
"refsource": "MISC",
"url": "https://github.com/visionmedia/superagent/issues/1259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16129",
"datePublished": "2018-06-07T02:00:00Z",
"dateReserved": "2017-10-29T00:00:00",
"dateUpdated": "2024-09-16T19:04:07.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29225 (GCVE-0-2022-29225)
Vulnerability from cvelistv5 – Published: 2022-06-09 19:15 – Updated: 2025-04-22 17:54
VLAI?
Summary
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Affected:
< 1.22.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29225",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:40:47.984575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:54:27.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T19:15:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343"
}
],
"source": {
"advisory": "GHSA-75hv-2jjj-89hh",
"discovery": "UNKNOWN"
},
"title": "Zip bomb vulnerability in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29225",
"STATE": "PUBLIC",
"TITLE": "Zip bomb vulnerability in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.22.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343"
}
]
},
"source": {
"advisory": "GHSA-75hv-2jjj-89hh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29225",
"datePublished": "2022-06-09T19:15:14.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:54:27.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37439 (GCVE-0-2022-37439)
Vulnerability from cvelistv5 – Published: 2022-08-16 19:49 – Updated: 2024-09-16 22:56
VLAI?
Summary
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
8.2 , < 8.2.7.1
(custom)
Affected: 8.1 , < 8.1.11 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.2.7.1",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "8.1.11",
"status": "affected",
"version": "8.1",
"versionType": "custom"
}
]
},
{
"product": "Universal Forwarders",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "8.1.11"
},
{
"lessThan": "8.2.7.1",
"status": "affected",
"version": "8.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T19:49:49",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"
}
],
"source": {
"advisory": "SVD-2022-0803",
"defect": [
"SPL-220982"
]
},
"title": "Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-08-16T16:00:00.000Z",
"ID": "CVE-2022-37439",
"STATE": "PUBLIC",
"TITLE": "Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.7.1"
},
{
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.11"
}
]
}
},
{
"product_name": "Universal Forwarders",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.7.1"
},
{
"version_name": "8.1",
"version_value": "8.1.11"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-409"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"
},
{
"name": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"
}
]
},
"source": {
"advisory": "SVD-2022-0803",
"defect": [
"SPL-220982"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2022-37439",
"datePublished": "2022-08-16T19:49:49.787022Z",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2024-09-16T22:56:21.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0475 (GCVE-0-2023-0475)
Vulnerability from cvelistv5 – Published: 2023-02-16 18:35 – Updated: 2025-03-18 14:39
VLAI?
Summary
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.
Severity ?
4.2 (Medium)
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:39:22.337072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:39:33.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "go-getter",
"repo": "https://github.com/hashicorp/go-getter",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0."
}
],
"value": "HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-572",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-572 Artificially Inflate File Sizes"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:35:37.518Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Go-Getter Vulnerable to Decompression Bombs"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-0475",
"datePublished": "2023-02-16T18:35:37.518Z",
"dateReserved": "2023-01-24T17:05:24.695Z",
"dateUpdated": "2025-03-18T14:39:33.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0821 (GCVE-0-2023-0821)
Vulnerability from cvelistv5 – Published: 2023-02-16 21:23 – Updated: 2025-03-18 14:35
VLAI?
Summary
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
Severity ?
6.5 (Medium)
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| HashiCorp | Nomad |
Affected:
0 , ≤ 1.2.15
(semver)
Affected: 0 , ≤ 1.3.8 (semver) Affected: 0 , ≤ 1.4.3 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:35:37.407891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:35:44.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Nomad",
"repo": "https://github.com/hashicorp/nomad",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.2.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.3.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Nomad Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.2.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.3.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4."
}
],
"value": "HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4."
}
],
"impacts": [
{
"capecId": "CAPEC-572",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-572 Artificially Inflate File Sizes"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T21:23:24.500Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Nomad Client Vulnerable to Decompression Bombs in Artifact Block"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-0821",
"datePublished": "2023-02-16T21:23:24.500Z",
"dateReserved": "2023-02-13T21:43:02.039Z",
"dateUpdated": "2025-03-18T14:35:44.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26483 (GCVE-0-2023-26483)
Vulnerability from cvelistv5 – Published: 2023-03-03 22:02 – Updated: 2025-02-25 15:02
VLAI?
Summary
gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed. The maximum compression ratio achievable with `deflate` is 1032:1, so by limiting the size of bodies passed to gosaml2, limiting the rate and concurrency of calls, and ensuring that lots of memory is available to the process it _may_ be possible to help Go's garbage collector "keep up". Implementors are encouraged not to rely on this. This issue is fixed in version 0.9.0.
Severity ?
5.3 (Medium)
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| russellhaering | gosaml2 |
Affected:
< 0.9.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/russellhaering/gosaml2/security/advisories/GHSA-6gc3-crp7-25w5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/russellhaering/gosaml2/security/advisories/GHSA-6gc3-crp7-25w5"
},
{
"name": "https://github.com/russellhaering/gosaml2/commit/f9d66040241093e8702649baff50cc70d2c683c0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/russellhaering/gosaml2/commit/f9d66040241093e8702649baff50cc70d2c683c0"
},
{
"name": "https://github.com/russellhaering/gosaml2/releases/tag/v0.9.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/russellhaering/gosaml2/releases/tag/v0.9.0"
},
{
"name": "https://pkg.go.dev/vuln/GO-2023-1602",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-1602"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:31:47.488843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T15:02:24.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gosaml2",
"vendor": "russellhaering",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed. The maximum compression ratio achievable with `deflate` is 1032:1, so by limiting the size of bodies passed to gosaml2, limiting the rate and concurrency of calls, and ensuring that lots of memory is available to the process it _may_ be possible to help Go\u0027s garbage collector \"keep up\". Implementors are encouraged not to rely on this. This issue is fixed in version 0.9.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-03T22:02:44.757Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/russellhaering/gosaml2/security/advisories/GHSA-6gc3-crp7-25w5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/russellhaering/gosaml2/security/advisories/GHSA-6gc3-crp7-25w5"
},
{
"name": "https://github.com/russellhaering/gosaml2/commit/f9d66040241093e8702649baff50cc70d2c683c0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/russellhaering/gosaml2/commit/f9d66040241093e8702649baff50cc70d2c683c0"
},
{
"name": "https://github.com/russellhaering/gosaml2/releases/tag/v0.9.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/russellhaering/gosaml2/releases/tag/v0.9.0"
},
{
"name": "https://pkg.go.dev/vuln/GO-2023-1602",
"tags": [
"x_refsource_MISC"
],
"url": "https://pkg.go.dev/vuln/GO-2023-1602"
}
],
"source": {
"advisory": "GHSA-6gc3-crp7-25w5",
"discovery": "UNKNOWN"
},
"title": "gosaml2 vulnerable to Denial of Service via deflate decompression bomb"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26483",
"datePublished": "2023-03-03T22:02:44.757Z",
"dateReserved": "2023-02-23T23:22:58.575Z",
"dateUpdated": "2025-02-25T15:02:24.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12387 (GCVE-0-2024-12387)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:11 – Updated: 2025-10-15 12:49
VLAI?
Summary
A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads.
Severity ?
6.5 (Medium)
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| binary-husky | binary-husky/gpt_academic |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T13:06:23.564889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T13:06:27.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "binary-husky/gpt_academic",
"vendor": "binary-husky",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:49:30.933Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4"
}
],
"source": {
"advisory": "02b4ab21-d29b-4cd7-ad80-f83081ce82a4",
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in binary-husky/gpt_academic"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-12387",
"datePublished": "2025-03-20T10:11:21.371Z",
"dateReserved": "2024-12-09T21:00:36.453Z",
"dateUpdated": "2025-10-15T12:49:30.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12886 (GCVE-0-2024-12886)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-10-15 12:49
VLAI?
Summary
An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.ReadAll` to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition.
Severity ?
7.5 (High)
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ollama | ollama/ollama |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12886",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:51:32.774088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:21:22.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ollama/ollama",
"vendor": "ollama",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.ReadAll` to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:49:34.228Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/f115fe52-58af-4844-ad29-b1c25f7245df"
}
],
"source": {
"advisory": "f115fe52-58af-4844-ad29-b1c25f7245df",
"discovery": "EXTERNAL"
},
"title": "Out-Of-Memory (OOM) Vulnerability in ollama/ollama"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-12886",
"datePublished": "2025-03-20T10:10:28.146Z",
"dateReserved": "2024-12-20T23:25:22.273Z",
"dateUpdated": "2025-10-15T12:49:34.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1947 (GCVE-0-2024-1947)
Vulnerability from cvelistv5 – Published: 2024-05-23 11:02 – Updated: 2024-10-03 06:23
VLAI?
Summary
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.
Severity ?
4.3 (Medium)
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Thanks [luryus](https://hackerone.com/luryus) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T15:41:47.064897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:00:40.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #443559",
"tags": [
"issue-tracking",
"permissions-required",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/443559"
},
{
"name": "HackerOne Bug Bounty Report #2380264",
"tags": [
"technical-description",
"exploit",
"permissions-required",
"x_transferred"
],
"url": "https://hackerone.com/reports/2380264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.10.6",
"status": "affected",
"version": "13.2.4",
"versionType": "semver"
},
{
"lessThan": "16.11.3",
"status": "affected",
"version": "16.11",
"versionType": "semver"
},
{
"lessThan": "17.0.1",
"status": "affected",
"version": "17.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [luryus](https://hackerone.com/luryus) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T06:23:18.622Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #443559",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/443559"
},
{
"name": "HackerOne Bug Bounty Report #2380264",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2380264"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.10.6, 16.11.3, 17.0.1 or above."
}
],
"title": "Improper Handling of Highly Compressed Data (Data Amplification) in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-1947",
"datePublished": "2024-05-23T11:02:21.780Z",
"dateReserved": "2024-02-27T19:01:59.981Z",
"dateUpdated": "2024-10-03T06:23:18.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28101 (GCVE-0-2024-28101)
Vulnerability from cvelistv5 – Published: 2024-03-06 21:07 – Updated: 2024-08-05 16:57
VLAI?
Summary
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. Router version 1.40.2 has a fix for the vulnerability. Those who are unable to upgrade may be able to implement mitigations at proxies or load balancers positioned in front of their Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size.
Severity ?
7.5 (High)
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| apollographql | router |
Affected:
>= 0.9.5, < 1.40.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:48.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/apollographql/router/security/advisories/GHSA-cgqf-3cq5-wvcj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/apollographql/router/security/advisories/GHSA-cgqf-3cq5-wvcj"
},
{
"name": "https://github.com/apollographql/router/commit/9e9527c73c8f34fc8438b09066163cd42520f413",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apollographql/router/commit/9e9527c73c8f34fc8438b09066163cd42520f413"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apollographql:apollo_router:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apollo_router",
"vendor": "apollographql",
"versions": [
{
"lessThan": "1.40.2",
"status": "affected",
"version": "0.9.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:54:18.252100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:57:05.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "router",
"vendor": "apollographql",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.5, \u003c 1.40.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. Router version 1.40.2 has a fix for the vulnerability. Those who are unable to upgrade may be able to implement mitigations at proxies or load balancers positioned in front of their Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T21:07:36.476Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/apollographql/router/security/advisories/GHSA-cgqf-3cq5-wvcj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apollographql/router/security/advisories/GHSA-cgqf-3cq5-wvcj"
},
{
"name": "https://github.com/apollographql/router/commit/9e9527c73c8f34fc8438b09066163cd42520f413",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apollographql/router/commit/9e9527c73c8f34fc8438b09066163cd42520f413"
}
],
"source": {
"advisory": "GHSA-cgqf-3cq5-wvcj",
"discovery": "UNKNOWN"
},
"title": "Apollo Router\u0027s Compressed Payloads do not respect HTTP Payload Limits"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28101",
"datePublished": "2024-03-06T21:07:36.476Z",
"dateReserved": "2024-03-04T14:19:14.058Z",
"dateUpdated": "2024-08-05T16:57:05.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.