Closed: am0o0 closed this issue 2 months ago
Hi @am0o0, the query DecompressionBomb.ql does not find any findings in the database "DB_CVE-2022-4565.zip". Please let me know if you can get it working.
Your submission is now in status Test run.
For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed
Your submission is now in status Results analysis.
Your submission is now in status Query review.
Created Hackerone report 2636036 for bounty 603861 : [774] [Java]: DOS through Decompression
Query PR
https://github.com/github/codeql/pull/13555
Language
Java
CVE(s) ID list
CWE
No response
Report
Extracting compressed files with any compression algorithm, like gzip, can cause denial of service attacks. Attackers can compress a huge file created by repeated similar bytes and convert it to a small compressed file. Added modeling for multiple CLI third parties. I found some CVEs that contain Remote Flow sources of Apache Commons upload and Servlet Multipart, which are really valuable Remote Flow sources and exist in many popular open-source repositories. Because this query contains file upload, I needed to add these Flow Sources within this pull request.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response