CWE-409 – Improper Handling of Highly Compressed Data (Data Amplification)

Description

The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

An example of data amplification is a “decompression bomb,” a small ZIP file that can produce a large amount of data when it is decompressed.
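A bounded ZIP reader that guards against the decompression bomb described above. It is an added example, not part of the CWE entry; the limits `MAX_TOTAL_BYTES` and `MAX_RATIO` and the names `safe_extract`, `build_zip` and `AmplificationError` are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 10 * 1024 * 1024  # assumed cap on total decompressed output
MAX_RATIO = 100                     # assumed cap on output/input ratio per member
CHUNK = 64 * 1024                   # read size, so memory grows in small steps


class AmplificationError(Exception):
    """Raised when an archive would expand beyond the configured limits."""


def safe_extract(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Decompress an in-memory ZIP, enforcing limits while streaming."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            budget = max_ratio * max(info.compress_size, 1)
            # Early reject on declared sizes. The header is supplied by the
            # sender, so this check can refuse input but never authorise it.
            if info.file_size > budget:
                raise AmplificationError(f"{info.filename}: declared ratio too high")
            buf = bytearray()
            with zf.open(info) as member:
                # Count the bytes actually produced, chunk by chunk.
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    buf += chunk
                    if total > max_total:
                        raise AmplificationError("total output limit exceeded")
                    if len(buf) > budget:
                        raise AmplificationError(f"{info.filename}: ratio limit exceeded")
            out[info.filename] = bytes(buf)
    return out


def build_zip(members):
    """Build a sample archive in memory (constructed input for trying the limits)."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return bio.getvalue()
```

The ratio limit can reject small, highly repetitive but legitimate files, so tune both limits to the data the application expects.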

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-405

Consequences

Availability: DoS: Amplification; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)

System resources (CPU and memory) can be consumed quickly. This can lead to poor system performance or a system crash.

Potential Mitigations

CVE References