CVE-2026-43970— Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY header compression dictionary (?ZDICT) is public, and zlib compresses long runs of repeated bytes at roughly 1024:1, so a few kilobytes of SPDY frame payload can decompress to gigabytes on the BEAM heap, OOM-killing the node. A single unauthenticated SPDY frame is sufficient to trigger the condition. The parsers for syn_stream, syn_reply, and headers frame types are all affected via cow_spdy:parse_headers/2. This issue affects cowlib from 0.1.0 before 2.16.1.

N/A

对高度压缩数据的处理不恰当(数据放大攻击)

Cowlib 安全漏洞

Cowlib是Nine Nines开源的一个Web协议消息解析与构建库。 Cowlib 0.1.0版本至2.16.1之前版本存在安全漏洞，该漏洞源于对高度压缩数据处理不当，cow_spdy:inflate/2函数未限制输出大小，可能导致未经身份验证的远程攻击者通过内存耗尽造成拒绝服务。

N/A

N/A