πŸš€ Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Compression Bomb

A compression bomb is a maliciously crafted compressed file designed to consume excessive resources, such as memory and processing power, when decompressed. These files typically exploit a high compression ratio, where a small compressed file expands into an enormous amount of data upon extraction. An attacker can use compression bombs to perform denial-of-service (DoS) attacks, overwhelming systems and rendering them unresponsive.

Remediation

  • Set strict limits on memory, CPU, and disk space usage during decompression processes to prevent excessive resource consumption.
  • Check the ratio between compressed and uncompressed file sizes, and reject files that exceed a reasonable threshold.
  • Impose maximum size limits for both compressed and decompressed files.
  • Use decompression libraries with safeguards against resource-intensive operations and well-defined limits.
  • Set time limits for decompression tasks to prevent prolonged resource consumption.

Metadata

  • Severity: low
  • Slug: compression-bomb

CWEs

  • 400: Uncontrolled Resource Consumption

OWASP

  • A05:2021: Security Misconfiguration

Available Labs

Select a language to explore available labs for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing β€” fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.