Improper Handling of Highly Compressed Data (Data Amplification)
ID: 409 | Created: 2012-05-14 | Modified: 2022-10-10 |
Type: weakness | Status: INCOMPLETE |
Abstraction Type: Base |
Description
The software does not handle or incorrectly handles a
compressed input with a very high compression ratio that produces a large
output.
Extended Description
An example of data amplification is a "decompression bomb," a small ZIP
file that can produce a large amount of data when it is decompressed.
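The following is an added example, not part of the CWE entry, showing how a decompressor can defend against a ZIP decompression bomb. It enforces two limits while inflating a member: an absolute cap on bytes produced and a cap on the ratio of produced bytes to the member's compressed size, both measured on the output as it streams rather than trusted from the archive header (which an attacker also controls). The archive, the member names, the limits and the function names are constructed for this example.

```python
import io
import zipfile


class DecompressionBombError(Exception):
    """Raised when a ZIP member would expand beyond the configured limits."""


def build_sample_zip(members: dict) -> bytes:
    """Constructed test input: an in-memory ZIP with the given {name: bytes} members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def safe_extract_member(zip_bytes: bytes, name: str, max_output: int,
                        max_ratio: float, chunk_size: int = 64 * 1024) -> bytes:
    """Inflate one member while enforcing an absolute output cap and a
    compression-ratio cap, both computed from bytes actually produced."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        info = zf.getinfo(name)
        # Header fields are attacker-controlled: this is a cheap early
        # rejection, not a guarantee, so the streaming checks below still run.
        if info.file_size > max_output:
            raise DecompressionBombError(
                f"{name}: declared size {info.file_size} exceeds {max_output} bytes")
        compressed = max(info.compress_size, 1)  # avoid division by zero on empty members
        out = io.BytesIO()
        produced = 0
        with zf.open(info) as member:
            while True:
                chunk = member.read(chunk_size)
                if not chunk:
                    break
                produced += len(chunk)
                if produced > max_output:
                    raise DecompressionBombError(
                        f"{name}: output exceeded {max_output} bytes")
                if produced / compressed > max_ratio:
                    raise DecompressionBombError(
                        f"{name}: ratio {produced / compressed:.0f}:1 "
                        f"exceeds {max_ratio:.0f}:1")
                out.write(chunk)
        return out.getvalue()


def inspect_member(zip_bytes: bytes, name: str,
                   max_output: int = 1024 * 1024, max_ratio: float = 100.0):
    """Return ('ok', size) when the member extracts within limits,
    or ('rejected', reason) when it is treated as a bomb."""
    try:
        data = safe_extract_member(zip_bytes, name, max_output, max_ratio)
    except DecompressionBombError as exc:
        return ("rejected", str(exc))
    return ("ok", len(data))


def demo() -> dict:
    """Build the constructed archive and inspect both members under two limit settings."""
    archive = build_sample_zip({
        "notes.txt": b"The quick brown fox jumps over the lazy dog.\n",
        "bomb.bin": b"\0" * (8 * 1024 * 1024),  # 8 MiB of zeros deflates to a few KiB
    })
    return {
        # small text member: passes both checks
        "notes.txt": inspect_member(archive, "notes.txt"),
        # bomb under a 1 MiB output cap: rejected on the declared size alone
        "bomb.bin/header": inspect_member(archive, "bomb.bin"),
        # bomb under a 16 MiB cap: header passes, the streaming ratio check rejects it
        "bomb.bin/ratio": inspect_member(archive, "bomb.bin",
                                         max_output=16 * 1024 * 1024),
    }


if __name__ == "__main__":
    for member, result in demo().items():
        print(member, result)
```

The ratio check is what catches a member whose header lies about its size; the absolute cap is what bounds total memory or disk use when many legitimately compressible members are extracted. Both limits should be chosen per application; 1 MiB and 100:1 here are only illustrative defaults.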
Applicable Platforms
Language Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Availability | DoS: Amplification; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory) | System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or a system crash. |
Detection Methods
None
Potential Mitigations
None
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-409 ChildOf CWE-907 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The DTD and the very brief XML described here illustrate what is meant by
an XML bomb. The ZERO entity contains one character, the letter A. The
entity names encode the expanded length as a power of two: the length of
ZERO is 2^0 = 1. ONE is defined as two references to ZERO, so the XML
parser expands ONE to a length of 2, or 2^1. Each subsequent entity
references the previous one twice, doubling the expanded length, until
entity THIRTYTWO, which expands to 2^32 characters, or 4 GB, from a DTD of
only a few dozen short lines, consuming far more memory than expected.
(Demonstrative Example Id DX-53)
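As an added example, not part of the CWE entry, the code below builds a document with the structure DX-53 describes (entity names shortened from ZERO..THIRTYTWO to e0..e32) and then computes how large each entity would become without ever expanding it: the expansion size of an entity is the sum of its literal text plus the expansion sizes of the entities it references, memoized so the doubling chain costs 33 additions rather than 2^32 characters. A document is rejected when the estimated expansion exceeds an absolute limit or an amplification factor relative to the document's own length. The regexes, limits and function names are constructed for this example and handle only double-quoted internal general entities.

```python
import re

# Constructed, deliberately simple patterns: internal subset, double-quoted
# general entity declarations, and entity references.
DOCTYPE = re.compile(r'<!DOCTYPE\s+\w+\s*\[(.*?)\]\s*>', re.S)
ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&(\w+);')

# Constructed benign document for comparison: two references to a 12-character entity.
BENIGN_XML = ('<?xml version="1.0"?><!DOCTYPE note [<!ENTITY company "Example Corp">]>'
              '<note>&company; and &company;</note>')


def build_xml_bomb(levels: int = 32) -> str:
    """Constructed input mirroring DX-53: e0 = "A", e1 = &e0;&e0;, ...,
    e32 expands to 2^32 characters."""
    decls = ['<!ENTITY e0 "A">']
    for i in range(1, levels + 1):
        decls.append(f'<!ENTITY e{i} "&e{i - 1};&e{i - 1};">')
    return ('<?xml version="1.0"?>\n<!DOCTYPE data [\n' + "\n".join(decls)
            + f'\n]>\n<data>&e{levels};</data>\n')


def expansion_size(name: str, decls: dict, memo: dict, stack: set) -> int:
    """Characters produced by fully expanding entity `name`, computed from the
    declarations alone; no expansion is performed."""
    if name in memo:
        return memo[name]
    if name in stack:
        raise ValueError(f"recursive entity reference via {name}")
    stack.add(name)
    value = decls[name]
    size, pos = 0, 0
    for m in ENTITY_REF.finditer(value):
        size += m.start() - pos            # literal text before the reference
        ref = m.group(1)
        if ref in decls:
            size += expansion_size(ref, decls, memo, stack)
        else:
            size += len(m.group(0))        # predefined or undeclared: counted verbatim
        pos = m.end()
    size += len(value) - pos               # literal text after the last reference
    stack.discard(name)
    memo[name] = size
    return size


def estimate_entity_expansion(xml: str) -> int:
    """Total characters that entity references in the document body would expand to."""
    decls, body = {}, xml
    m = DOCTYPE.search(xml)
    if m:
        decls = dict(ENTITY_DECL.findall(m.group(1)))
        body = xml[m.end():]
    memo, total = {}, 0
    for ref in ENTITY_REF.finditer(body):
        name = ref.group(1)
        if name in decls:
            total += expansion_size(name, decls, memo, set())
        else:
            total += len(ref.group(0))
    return total


def check_xml(xml: str, max_expansion: int = 10 * 1024 * 1024,
              max_ratio: float = 100.0):
    """Accept the document only if its entity expansion is bounded both in
    absolute size and relative to the document's own length (amplification)."""
    total = estimate_entity_expansion(xml)
    ratio = total / max(len(xml), 1)
    if total > max_expansion:
        return (False, f"expansion {total} exceeds {max_expansion} characters")
    if ratio > max_ratio:
        return (False, f"amplification {ratio:.0f}:1 exceeds {max_ratio:.0f}:1")
    return (True, f"expansion {total}, amplification {ratio:.2f}:1")


if __name__ == "__main__":
    bomb = build_xml_bomb()
    print(len(bomb), "bytes of XML ->", check_xml(bomb))
    print(len(BENIGN_XML), "bytes of XML ->", check_xml(BENIGN_XML))
```

This pre-check is a triage step, not a replacement for an XML parser that itself refuses or bounds entity expansion; the parser's own limits are what protect against inputs this simplified scanner does not model, such as parameter entities or external entities.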
Observed Examples
- CVE-2009-1955 : XML bomb in web server module
- CVE-2003-1564 : Parsing library allows XML bomb
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
PLOVER | | Data Amplification | |
CERT Java Secure Coding | IDS04-J | Limit the size of files passed to ZipInputStream | |
References
None