CWE-409

Improper Handling of Highly Compressed Data (Data Amplification)
AI Translation Available

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

Status
incomplete
Abstraction
base

An example of data amplification is a 'decompression bomb,' a small ZIP file that can produce a large amount of data when it is decompressed.

Common Consequences

availability
Impacts
dos: amplification dos: crash, exit, or restart dos: resource consumption (cpu) dos: resource consumption (memory)

Potential Mitigations