CVE-2026-32630

Published: 13 Mar 2026
Source: redhat
CVSS3: 5.3

Description

A flaw was found in file-type, a utility for detecting file types. A remote attacker could exploit this vulnerability by providing a specially crafted ZIP file to an application using file-type's buffer or file-based detection functions. This can lead to excessive memory growth, causing a Denial of Service (DoS) due to the application attempting to inflate and process a much larger payload than expected.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Cryostat 4 | io.cryostat-cryostat | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-operator-bundle | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel9-operator | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-curator5-rhel9 | Not affected | | |
| Red Hat build of Apicurio Registry 2 | io.apicurio-apicurio-registry | Not affected | | |
| Red Hat Data Grid 8 | org.infinispan-infinispan-console | Not affected | | |
| Red Hat Developer Hub | rhdh/rhdh-hub-rhel9 | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-409
https://bugzilla.redhat.com/show_bug.cgi?id=2447514 file-type: file-type: Denial of Service via excessive memory growth from crafted ZIP files

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 5.3
nvd
11 days ago

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer(), fileTypeFromBlob(), or fileTypeFromFile(). The ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a result, a small compressed ZIP can cause file-type to inflate and process a much larger payload while probing ZIP-based formats such as OOXML. This vulnerability is fixed in 21.3.2.

CVSS3: 5.3
github
13 days ago

file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry
