CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
CWE-409
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Improper Handling of Highly Compressed Data (Data Amplification)
- Description
The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
An example of data amplification is a "decompression bomb," a small ZIP file that can produce a large amount of data when it is decompressed.
- Common Consequences
Scope: Availability
Impact: DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Notes: System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website