Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gzip Decompression Bomb via Content-Encoding Header
Vulnerability Description
A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Orthanc 安全漏洞
Vulnerability Description
Orthanc是Orthanc公司的一款免费的开源软件。 Orthanc存在安全漏洞,该漏洞源于处理带有Content-Encoding: gzip的HTTP请求时存在gzip解压缩炸弹漏洞,可能导致触发过度内存分配并耗尽系统内存。
CVSS Information
N/A
Vulnerability Type
N/A