CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

CWE-409

  • Abstraction: Base
  • Structure: Simple
  • Status: Incomplete
Weakness Name

Improper Handling of Highly Compressed Data (Data Amplification)

Description

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

An example of data amplification is a "decompression bomb," a small ZIP file that can produce a large amount of data when it is decompressed.

Common Consequences

Scope: Availability

Impact: DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)

Notes: System resources (CPU and memory) can be quickly consumed. This can lead to poor system performance or a system crash.
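
One way to handle highly compressed input safely is to decompress in bounded chunks and stop once the output passes a cap. The following is an added example, not part of the CWE entry; the function names, the 10 MiB and 100:1 limits, and the sample input are assumptions chosen for illustration.

```python
import zlib

class DecompressionLimitExceeded(Exception):
    """Raised when decompressed output exceeds the configured limits."""

def bounded_decompress(data, max_output=10 * 1024 * 1024, max_ratio=100,
                       chunk=64 * 1024):
    """Inflate a zlib stream in chunks, aborting once output passes a cap.

    The cap is the smaller of an absolute size (max_output) and a multiple
    of the compressed size (max_ratio); both defaults are assumptions.
    """
    limit = min(max_output, max_ratio * len(data))
    inflater = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not inflater.eof:
        # max_length bounds how much memory a single call can allocate.
        piece = inflater.decompress(pending, chunk)
        out += piece
        if len(out) > limit:
            raise DecompressionLimitExceeded(
                f"output exceeded {limit} bytes for {len(data)} bytes of input")
        pending = inflater.unconsumed_tail
        if not piece and not pending:
            break  # no progress possible: input ended early
    if not inflater.eof:
        raise ValueError("truncated or incomplete zlib stream")
    return bytes(out)

def make_sample_bomb(size=4 * 1024 * 1024):
    """Constructed sample: `size` zero bytes compressed at the highest level."""
    return zlib.compress(b"\0" * size, 9)

if __name__ == "__main__":
    bomb = make_sample_bomb()
    print(f"compressed sample: {len(bomb)} bytes")
    try:
        bounded_decompress(bomb)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
    print(len(bounded_decompress(zlib.compress(b"ordinary text " * 50))))
```

Because the check runs after every chunk, memory use at the point of rejection stays within the cap plus one chunk, regardless of how large the full output would have been.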

Related Weaknesses
  • Release Date: 2006-07-19
  • Latest Modification Date: 2023-06-29