
CWE-409 (Improper Handling of Highly Compressed Data (Data Amplification)) — Vulnerability Class 39

39 vulnerabilities classified as CWE-409 (Improper Handling of Highly Compressed Data (Data Amplification)). AI Chinese analysis included.

CWE-409 is an input-handling weakness: the product decompresses or expands input without bounding how much output that input may produce, so a small input is amplified into a very large one. The classic vector is a "decompression bomb": a deliberately tiny archive (a few kilobytes of ZIP or gzip, or an XML document whose entities reference each other recursively) that expands into gigabytes on extraction. Expanding it exhausts memory, CPU time or disk space, and the service crashes or stalls, which is a denial of service. The defence is to bound the output, not the input: enforce a hard cap on the number of bytes actually produced while streaming the decompression and abort as soon as it is exceeded; treat size fields in archive headers only as an early sanity check, since they are attacker-controlled and can lie; cap recursion depth for nested archives; disable or limit entity expansion in XML parsers; and apply a wall-clock timeout so a slow expansion cannot hold a worker indefinitely. Cumulative limits matter too, because an archive of many individually small members can still fill a disk.
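To make those limits concrete, here is an added example in Python (not code from the CWE entry or from any product on this page) that inflates a zlib stream and reads a ZIP member under a hard output budget, using the header sizes only as an early reject. The budget values, the `DecompressionBombError` name and the inline sample archives are assumptions constructed for the demonstration.

```python
import io
import zipfile
import zlib
from typing import Optional

# Policy values are assumptions for this example; size them to the workload.
MAX_OUTPUT_BYTES = 1 * 1024 * 1024   # hard cap on bytes we are willing to produce
MAX_RATIO = 100                      # reject ZIP members whose headers claim > 100:1
CHUNK = 64 * 1024


class DecompressionBombError(ValueError):
    """Raised when an input would expand past the configured budget."""


def inflate_with_budget(compressed: bytes, max_out: int = MAX_OUTPUT_BYTES) -> bytes:
    """Inflate a zlib stream, aborting as soon as the output exceeds max_out.

    The budget is enforced on bytes actually produced, so it holds whatever any
    header claims.  max_length stops each call at room+1 bytes; input zlib could
    not consume yet comes back in unconsumed_tail and is fed to the next call.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = compressed
    while not d.eof:
        room = max_out - len(out)
        piece = d.decompress(pending, room + 1)
        out += piece
        if len(out) > max_out:
            raise DecompressionBombError(
                f"output exceeded {max_out} bytes from {len(compressed)} input bytes")
        pending = d.unconsumed_tail
        if not pending and not piece:
            # No input left and nothing produced: the stream ended early.
            raise ValueError("truncated or corrupt zlib stream")
    return bytes(out)


def extract_member_safely(zip_bytes: bytes, name: str,
                          max_out: int = MAX_OUTPUT_BYTES,
                          max_ratio: Optional[float] = MAX_RATIO) -> bytes:
    """Read one ZIP member under a streamed byte budget.

    The central-directory sizes give a cheap early rejection of an obvious bomb,
    but they are attacker-controlled, so the streamed count is the real guard.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        info = zf.getinfo(name)
        if max_ratio is not None and info.compress_size > 0:
            claimed = info.file_size / info.compress_size
            if claimed > max_ratio:
                raise DecompressionBombError(
                    f"{name!r} declares a {claimed:.0f}:1 ratio (limit {max_ratio}:1)")
        out = bytearray()
        with zf.open(info) as fh:
            while True:
                chunk = fh.read(CHUNK)
                if not chunk:
                    break
                out += chunk
                if len(out) > max_out:
                    raise DecompressionBombError(
                        f"{name!r} exceeded {max_out} bytes while streaming")
    return bytes(out)


def build_zip(name: str, payload: bytes) -> bytes:
    """Constructed sample archive for the demo (not attacker data from the wild)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed inputs: 8 MiB of zero bytes deflates to a few KiB (about 1000:1),
# which is exactly the shape of a decompression bomb.
BENIGN_TEXT = b"CWE-409: bound the output, not the input.\n" * 20
BENIGN_RAW = zlib.compress(BENIGN_TEXT)
BOMB_RAW = zlib.compress(bytes(8 * 1024 * 1024))
BENIGN_ZIP = build_zip("notes.txt", BENIGN_TEXT)
BOMB_ZIP = build_zip("payload.bin", bytes(8 * 1024 * 1024))

if __name__ == "__main__":
    print(len(inflate_with_budget(BENIGN_RAW)), "bytes from the benign stream")
    for label, fn in (("raw zlib", lambda: inflate_with_budget(BOMB_RAW)),
                      ("zip member", lambda: extract_member_safely(BOMB_ZIP, "payload.bin"))):
        try:
            fn()
        except DecompressionBombError as exc:
            print(f"{label} bomb rejected: {exc}")
```

Passing `max_ratio=None` skips the header check and shows that the streamed count alone still stops the bomb at just over 1 MiB; that is the property to keep, since a forged header can pass any ratio test. For nested archives, run the same budget cumulatively across members and cap the nesting depth, so a ZIP of ZIPs cannot multiply the allowance.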

MITRE CWE Description
The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. An example of data amplification is a "decompression bomb," a small ZIP file that can produce a large amount of data when it is decompressed.
Common Consequences (1)
Availability: DoS: Amplification; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash.
Examples (1)
The DTD and the very brief XML below illustrate what is meant by an XML bomb. The ZERO entity contains one character, the letter A. The entity names give the exponent of two that determines their length: ZERO has length 2^0. Similarly, ONE refers to ZERO twice, so the XML parser expands ONE to a length of 2, or 2^1. Ultimately, we reach entity …

<?xml version="1.0"?>
<!DOCTYPE MaliciousDTD [
<!ENTITY ZERO "A">
<!ENTITY ONE "&ZERO;&ZERO;">
<!ENTITY TWO "&ONE;&ONE;">
...
<!ENTITY THIRTYTWO "&THIRTYONE;&THIRTYONE;">
]>
<data>&THIRTYTWO;</data>
Attack · XML
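A parser that refuses this attack, as an added example in Python that is not part of the CWE entry: it uses the standard library's expat binding, rejects entity declarations in the internal DTD subset by default, and, where entities must be allowed, counts the expanded character data against a budget so the chain is cut off at the limit rather than at 2^32. The `EntityExpansionError` name, the 64 KiB budget and the ten-level miniature of the DTD built inline are assumptions constructed for the demonstration.

```python
import xml.parsers.expat

# Policy value is an assumption for this example.
MAX_TEXT_CHARS = 64 * 1024   # cap on character data the parser may deliver in total


class EntityExpansionError(ValueError):
    """Raised when a document declares entities or expands past the budget."""


def parse_text_bounded(xml_bytes: bytes, allow_entities: bool = False,
                       max_chars: int = MAX_TEXT_CHARS) -> str:
    """Parse XML with expat and return its character data, refusing to be bombed.

    Two independent checks:
      1. Unless allow_entities is set, any <!ENTITY ...> declaration in the
         internal DTD subset is rejected before a single expansion happens;
         ordinary data documents never need one.
      2. Character data is counted as the parser emits it (after expansion)
         and capped at max_chars, which stops the amplification at the budget
         no matter how deep the entity chain is.
    """
    parser = xml.parsers.expat.ParserCreate()
    pieces = []
    seen = 0

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if not allow_entities:
            raise EntityExpansionError(f"entity declaration {name!r} rejected")

    def on_text(data):
        nonlocal seen
        seen += len(data)
        if seen > max_chars:
            raise EntityExpansionError(f"character data exceeded {max_chars} chars")
        pieces.append(data)

    parser.EntityDeclHandler = on_entity_decl
    parser.CharacterDataHandler = on_text
    parser.Parse(xml_bytes, True)
    return "".join(pieces)


def build_entity_bomb(levels: int) -> bytes:
    """Constructed miniature of the DTD above: entity L<i> expands to 2**i copies of A."""
    decls = ['<!ENTITY L0 "A">']
    for i in range(1, levels + 1):
        decls.append(f'<!ENTITY L{i} "&L{i - 1};&L{i - 1};">')
    doc = ("<?xml version='1.0'?>\n<!DOCTYPE data [\n" + "\n".join(decls)
           + f"\n]>\n<data>&L{levels};</data>\n")
    return doc.encode()


# Constructed inputs: the bomb is deliberately small (2**10 = 1024 characters)
# so the demonstration stays fast; the page's version goes to 2**32.
BENIGN_XML = b"<?xml version='1.0'?><data>hello &amp; welcome</data>"
SMALL_BOMB = build_entity_bomb(10)

if __name__ == "__main__":
    print(parse_text_bounded(BENIGN_XML))
    for kwargs in ({}, {"allow_entities": True, "max_chars": 512}):
        try:
            parse_text_bounded(SMALL_BOMB, **kwargs)
        except EntityExpansionError as exc:
            print("rejected:", exc)
```

The point to carry over to other parsers is that the limit sits on expanded output, not on input size: the page's document is a few hundred bytes and would pass any input-length check. Rejecting the DOCTYPE outright is the stronger default; the counted budget is the fallback for formats that legitimately need internal entities.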

Vulnerabilities classified as CWE-409 (Improper Handling of Highly Compressed Data (Data Amplification)) represent 39 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.