[C/C++]: DOS through Decompression #779

am0o0 · 2023-07-31T11:08:31Z

Query PR

github/codeql#13560

Language

C/C++

CVE(s) ID list

CWE

No response

Report

Extracting Compressed files with any compression algorithm like gzip can cause to denial of service attacks. Attackers can compress a huge file which created by repeated similar byte and convert it to a small compressed file.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Yes
No

Blog post link

No response

Kwstubbs · 2023-09-20T07:09:55Z

@amammad could I get a database for one of these CVES? thanks

Kwstubbs · 2024-05-31T22:54:46Z

@am0o0 pinging for CodeQL database so I start scoring

ghsecuritylab · 2024-06-24T21:10:24Z

Your submission is now in status Query review.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

am0o0 added the All For One Submissions to the All for One, One for All bounty label Jul 31, 2023

Kwstubbs self-assigned this Aug 7, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[C/C++]: DOS through Decompression #779

[C/C++]: DOS through Decompression #779

am0o0 commented Jul 31, 2023

Kwstubbs commented Sep 20, 2023

Kwstubbs commented May 31, 2024 •

edited

Loading

ghsecuritylab commented Jun 24, 2024

[C/C++]: DOS through Decompression #779

[C/C++]: DOS through Decompression #779

Comments

am0o0 commented Jul 31, 2023

Query PR

Language

CVE(s) ID list

CWE

Report

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

Kwstubbs commented Sep 20, 2023

Kwstubbs commented May 31, 2024 • edited Loading

ghsecuritylab commented Jun 24, 2024

Kwstubbs commented May 31, 2024 •

edited

Loading