Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Curated by Mondoo Research, enhanced with AI

Star us on GitHub!

CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) | Mondoo Vulnerability Intelligence

CWE-409

BaseIncomplete

Improper Handling of Highly Compressed Data (Data Amplification)

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

1 related weaknesses

An example of data amplification is a "decompression bomb," a small ZIP file that can produce a large amount of data when it is decompressed.

AvailabilityDoS: AmplificationDoS: Crash, Exit, or RestartDoS: Resource Consumption (CPU)DoS: Resource Consumption (Memory)

System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash.

Architecture and DesignImplementation

XML bomb in web server module

Parsing library allows XML bomb