CWE-409

Improper Handling of Highly Compressed Data (Data Amplification)

Abstraction: Base
Status: Incomplete

Description

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

An example of data amplification is a "decompression bomb," a small ZIP file that can produce a large amount of data when it is decompressed.
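
One way to handle such input safely, as an added example that is not part of the CWE entry: inflate a zlib stream incrementally and stop as soon as the output passes an absolute cap or an expansion-ratio cap. The function name, exception name and default limits are assumptions chosen for illustration.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Output would exceed the absolute cap or the allowed expansion ratio."""


def bounded_inflate(data: bytes, max_output: int = 1 << 20,
                    max_ratio: int = 100, chunk: int = 64 * 1024) -> bytes:
    """Inflate a zlib stream incrementally, never buffering past the limit."""
    # Effective cap: absolute size, or max_ratio times the compressed size.
    limit = min(max_output, max_ratio * len(data))
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        # Request one byte beyond the remaining budget so overflow is
        # detectable; max_length must stay >= 1 because 0 means "unlimited".
        piece = d.decompress(buf, min(chunk, limit - len(out) + 1))
        out += piece
        if len(out) > limit:
            raise DecompressionLimitExceeded(
                f"output exceeds {limit} bytes for {len(data)} bytes of input")
        if not piece and not d.eof:
            raise ValueError("truncated or stalled zlib stream")
        buf = d.unconsumed_tail  # input zlib has not consumed yet
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any CVE listed on this page.
    ordinary = zlib.compress(bytes(range(256)) * 4)
    print(len(bounded_inflate(ordinary)))
    highly_compressed = zlib.compress(b"\0" * (8 << 20))  # 8 MiB of zeros
    try:
        bounded_inflate(highly_compressed)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The check runs after every chunk, so memory use stays within one byte of the limit regardless of how large the full output would have been.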

Common Consequences

Scope: Availability

Impact: DoS: Amplification; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)

Observed Examples

CVE-2009-1955: XML bomb in web server module

CVE-2003-1564: Parsing library allows XML bomb

Applicable Platforms

Not Language-Specific
