In Rubyzip prior to 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows malicious users to cause a denial of service (disk consumption).
Vulnerable Product |
---|
rubyzip project rubyzip |
fedoraproject fedora 29 |
fedoraproject fedora 30 |
fedoraproject fedora 31 |
redhat cloudforms 4.7 |
redhat cloudforms 5.11 |
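
The size check the summary describes can be made robust by counting the bytes actually produced during decompression instead of trusting the header field. The sketch below is an added example, not code from Rubyzip or from this advisory; it uses only Ruby's standard `zlib`, and the names `build_entry`, `safe_inflate` and `SizeMismatch` are hypothetical, as is the constructed sample entry.

```ruby
require "zlib"

class SizeMismatch < StandardError; end

HEADER = "VvvvvvVVVvv" # ZIP local file header layout, 30 bytes before the name

# Constructed test input: one deflate entry whose header claims `declared` bytes.
def build_entry(name, payload, declared:)
  z = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  body = z.deflate(payload, Zlib::FINISH)
  z.close
  [0x04034b50, 20, 0, 8, 0, 0, Zlib.crc32(payload), body.bytesize,
   declared, name.bytesize, 0].pack(HEADER) + name + body
end

# Inflate one entry while counting the bytes actually produced. The header's
# uncompressed size is treated as a claim to verify, not as a fact.
def safe_inflate(buf, max_bytes:)
  sig, _, _, method, _, _, _, csize, declared, nlen, xlen = buf.unpack(HEADER)
  raise ArgumentError, "not a local file header" unless sig == 0x04034b50
  raise ArgumentError, "only deflate is handled here" unless method == 8
  raise SizeMismatch, "declared size exceeds limit" if declared > max_bytes

  data = buf.byteslice(30 + nlen + xlen, csize).to_s
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new
  begin
    # Small input slices bound how much a single inflate call can emit.
    (0...data.bytesize).step(512) do |i|
      out << inflater.inflate(data.byteslice(i, 512))
      raise SizeMismatch, "entry larger than declared" if out.bytesize > declared
    end
    out << inflater.finish
  ensure
    inflater.close
  end
  raise SizeMismatch, "entry size differs from header" unless out.bytesize == declared
  out
end
```

An application check that only compares the declared size against a limit passes the spoofed entry; the running byte count is what stops the write before the disk fills.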