Description
The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
An example of data amplification is a “decompression bomb,” a small ZIP file that can produce a large amount of data when it is decompressed.
Modes of Introduction
- Architecture and Design
Related Weaknesses
Consequences
Availability: DoS: Amplification; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash.
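One way to keep a highly compressed input from exhausting memory is to inflate it incrementally against an output budget. The following is an added example, not part of the original entry. It uses a zlib stream rather than a ZIP archive so that it is self-contained, and the function name, exception name and limit values are assumptions chosen for illustration.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when inflating the input would exceed the output budget."""


def bounded_decompress(data, max_output=10 * 1024 * 1024, max_ratio=100,
                       ratio_floor=64 * 1024, chunk=64 * 1024):
    """Inflate a zlib stream incrementally and stop once the budget is spent.

    The limits are assumptions for this example; tune them per application.
    """
    # Budget: absolute cap, tightened by an output/input ratio cap. The floor
    # keeps tiny but legitimately repetitive inputs from being rejected.
    limit = min(max_output, max(len(data) * max_ratio, ratio_floor))
    inflater = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not inflater.eof:
        # max_length bounds what a single call may allocate.
        piece = inflater.decompress(pending, chunk)
        pending = inflater.unconsumed_tail
        out += piece
        if len(out) > limit:
            raise DecompressionLimitExceeded(
                f"output exceeds {limit} bytes for {len(data)} bytes of input")
        if not piece and not pending and not inflater.eof:
            raise ValueError("truncated or incomplete zlib stream")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample inputs: ordinary text and a highly repetitive buffer.
    benign = zlib.compress(b"GET /index.html HTTP/1.1\r\n" * 200)
    print(len(bounded_decompress(benign)))
    oversized = zlib.compress(bytes(20 * 1024 * 1024))
    try:
        bounded_decompress(oversized)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The check runs after every chunk, so a rejected input costs at most the budget plus one chunk of memory rather than the full expanded size.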
Potential Mitigations
CVE References
- CVE-2009-1955: XML bomb in web server module
- CVE-2003-1564: Parsing library allows XML bomb