Denial of service in CrowdSec Local API (LAPI) versions 1.7.0 through 1.7.7 allows an attacker to exhaust server heap memory by submitting concurrent gzip-compressed requests to unauthenticated endpoints, causing the OS to forcibly terminate the LAPI process. The root cause is the global use of gin-contrib/gzip's DefaultDecompressHandle middleware in pkg/apiserver/controllers/controller.go without any cap on decompressed body size, enabling classic zip-bomb-style memory exhaustion. This is exploitable only when LAPI is network-exposed (non-default multi-server deployments); default single-server configurations bind LAPI to loopback only. No public exploit or KEV listing exists at time of analysis; patch version 1.7.8 is available.
Decompression bomb (data amplification) in ExifReader npm package before 4.39.0 allows remote unauthenticated attackers to exhaust server memory by supplying a crafted PNG file with a highly compressed zTXt metadata chunk. The vulnerable path activates only when the caller enables asynchronous parsing (`async: true`), at which point ExifReader decompresses the chunk via the Compression Streams API with no upper bound on output size. Publicly available proof-of-concept exploit code exists (E:P); this CVE is not listed in CISA KEV.
Remote unauthenticated attackers can crash Klever-Go blockchain validators by sending a single 48 KiB compressed gossip packet that decompresses to multi-gigabyte allocations, killing the process via an out-of-memory condition. The vulnerability in Batch.Decompress performs unbounded gzip decompression before anti-flood checks execute, enabling a single malicious peer to OOM-kill validators and disrupt chain liveness. Proof-of-concept demonstrates 45,604× amplification (48 KiB wire → 2.1 GiB heap). No public exploit identified at time of analysis, but vendor confirms internal discovery and patch development in progress.
Denial-of-service in Audiobookshelf prior to version 2.32.2 allows authenticated admin users to crash the server by uploading a specially crafted ZIP file to the backup upload endpoint. The vulnerability stems from decompressing ZIP entries without size limits, enabling an attacker to craft a highly compressed archive that consumes gigabytes of memory when extracted, exhausting server resources and triggering an out-of-memory condition.
Decompression bomb safeguards in urllib3 2.6.0 can be bypassed during streaming API operations, causing excessive CPU and memory consumption on client systems. Applications using urllib3 versions 2.6.0 through 2.6.x that stream Brotli-compressed responses with multiple read() calls, or invoke drain_conn() after partial decompression, may decompress entire payloads instead of requested chunks. This allows malicious servers to trigger resource exhaustion attacks against urllib3 clients. Vendor-released patch (version 2.7.0) confirmed by GitHub advisory GHSA-mf9v-mfxr-j63j. No public exploit identified at time of analysis, but exploitation requires only a malicious HTTP server delivering compressed responses - a low-complexity attack scenario.
Tandoor Recipes versions prior to 2.6.5 suffer from a denial-of-service vulnerability in the recipe import functionality that allows authenticated users to crash the application server or severely degrade performance by uploading a specially crafted ZIP bomb file. The vulnerability affects recipe management and meal planning features accessible to authenticated users and has been patched in version 2.6.5.
Disk exhaustion in PraisonAI prior to 4.5.128 allows remote attackers to consume arbitrary disk space by publishing malicious recipe bundles containing highly compressible data that expand dramatically during extraction. The vulnerability exists in the _safe_extractall() function, which checks only for path traversal but lacks checks on individual member sizes, cumulative extracted size, or member count before tar extraction, enabling an unauthenticated attacker to trigger denial of service via LocalRegistry.pull() or HttpRegistry.pull() with minimal user interaction.
Memory exhaustion in JWCrypto before 1.5.7 allows unauthenticated remote attackers to cause denial of service on memory-constrained systems by sending crafted JWE tokens with ZIP compression that decompress to approximately 100 MB despite remaining under the 250 KB input size limit. The vulnerability exploits incomplete validation in the upstream CVE-2024-28102 patch, which restricted input token size but failed to enforce decompressed output limits.
Mattermost server versions 10.11.x through 11.4.x fail to validate decompressed archive entry sizes during ZIP file extraction, allowing authenticated users with file upload permissions to trigger denial of service by uploading crafted zip bombs that exhaust server memory. The vulnerability affects Mattermost 10.11.0-10.11.11, 11.2.0-11.2.3, 11.3.0-11.3.1, and 11.4.0, with CVSS 6.5 (medium) reflecting the requirement for prior authentication and limited scope (availability impact only). No public exploit identified at time of analysis, though the attack vector is network-accessible and requires low complexity once an attacker has valid upload credentials.
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability that selectively bypasses safety checks for tar.bz2 skill archives while other formats enforce proper validation. An attacker can craft a malicious tar.bz2 skill archive that circumvents special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation when a user interacts with the installer. This is a local, user-interaction-dependent vulnerability with no authentication required, rated CVSS 5.5 (medium severity) with denial of service impact.
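Every entry above shares one root cause: the decompressed size is never bounded before the allocation happens. The following is an added defender-side example, not code from any of the projects named here, showing the two missing controls the advisories describe: a streaming output cap for raw zlib/gzip data (the JWE and gzip request-body cases) and member-count, per-member and cumulative limits on ZIP extraction (the PraisonAI and Mattermost cases); the function and exception names are my own and the sample inputs are constructed.

```python
import gzip
import io
import zipfile
import zlib

class DecompressionLimitError(ValueError):
    """Compressed input would expand beyond the configured cap."""

def decompress_bounded(data: bytes, max_out: int) -> bytes:
    """Inflate a zlib/gzip stream, refusing output above max_out; zlib enforces the cap."""
    d = zlib.decompressobj(zlib.MAX_WBITS | 32)  # auto-detect zlib or gzip header
    out, pending = bytearray(), data
    while pending:
        out += d.decompress(pending, max_out + 1 - len(out))  # spare byte detects overflow
        if len(out) > max_out:
            raise DecompressionLimitError(f"output exceeds {max_out} bytes")
        pending = d.unconsumed_tail
    return bytes(out)

def extract_zip_bounded(zip_bytes: bytes, max_member: int, max_total: int,
                        max_members: int) -> dict:
    """Return {name: content} for a ZIP, enforcing member count, per-member and cumulative
    size. Header sizes are attacker controlled, so the bytes actually read are capped too."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if len(zf.infolist()) > max_members:
            raise DecompressionLimitError(f"more than {max_members} members")
        for info in zf.infolist():
            if info.file_size > max_member or total + info.file_size > max_total:
                raise DecompressionLimitError(f"{info.filename}: declared size over limit")
            with zf.open(info) as fh:
                data = fh.read(max_member + 1)  # cap the read even if the header lied
            if len(data) > max_member or total + len(data) > max_total:
                raise DecompressionLimitError(f"{info.filename}: actual size over limit")
            total += len(data)
            out[info.filename] = data
    return out

def constructed_samples() -> dict:
    """Constructed inputs (not from any advisory): 4 MB of zeros, which deflate shrinks
    to a few KB, as a bare zlib stream and inside a ZIP next to a small text file."""
    zeros = b"\0" * 4_000_000
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", b"hello")
        zf.writestr("big.bin", zeros)
    return {"zlib_bomb": zlib.compress(zeros, 9), "gzip_small": gzip.compress(b"hello"),
            "zip": buf.getvalue()}
```

The same pattern applies to tar extraction: check each member's declared size against the remaining budget, then read it through a capped reader rather than trusting the header.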