github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

[C/C++]: DOS through Decompression #779

Closed am0o0 closed 18 hours ago

am0o0 commented 1 year ago

Query PR

https://github.com/github/codeql/pull/13560

Language

C/C++

CVE(s) ID list

CWE

No response

Report

Extracting compressed files with any compression algorithm like gzip can cause denial of service attacks. Attackers can compress a huge file which is created by repeated similar bytes and convert it to a small compressed file.

Are you planning to discuss this vulnerability submission publicly? (blog post, social networks, etc.)

Blog post link

No response
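The report above describes the uncapped-decompression pattern. As an added example (not code from the submission or from the CodeQL query), the C decoder below shows the defensive check a decompression loop needs: a hard limit on output size, tested before every write, so the "repeated similar byte" bomb is rejected before its memory is ever allocated. The run-length record format, the `rle_decode_bounded` function and the BENIGN/BOMB inputs are all constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical run-length format, constructed for this example: a stream of
 * 5-byte records, each a big-endian 32-bit repeat count followed by the byte
 * to repeat. One record can expand to 4 GiB, which is the "repeated similar
 * byte" bomb the report describes. A real codec (zlib inflate, etc.) needs
 * the same check in its output loop; only the decoding step differs. */

/* Decompress `in` into a malloc'd buffer (*out, caller frees). Returns the
 * decompressed length, or -1 on a malformed stream or when the output would
 * exceed max_out. The limit is checked before each write, so a bomb fails as
 * soon as it crosses the cap, never after the memory has been spent. */
long rle_decode_bounded(const uint8_t *in, size_t in_len,
                        uint8_t **out, size_t max_out)
{
    if (in_len % 5 != 0) return -1;
    size_t cap = 0, pos = 0;
    uint8_t *buf = NULL;
    for (size_t i = 0; i < in_len; i += 5) {
        uint32_t n = ((uint32_t)in[i] << 24) | ((uint32_t)in[i + 1] << 16)
                   | ((uint32_t)in[i + 2] << 8) | in[i + 3];
        /* Written as a subtraction so that pos + n cannot overflow size_t. */
        if (n > max_out - pos) { free(buf); return -1; }
        if (pos + n > cap) {                 /* grow output, never past max_out */
            size_t ncap = cap ? cap : 64;
            while (ncap < pos + n) ncap *= 2;
            if (ncap > max_out) ncap = max_out;
            uint8_t *nb = realloc(buf, ncap ? ncap : 1);
            if (!nb) { free(buf); return -1; }
            buf = nb; cap = ncap;
        }
        memset(buf + pos, in[i + 4], n);
        pos += n;
    }
    *out = buf;
    return (long)pos;
}

/* Constructed inputs: a benign 10-byte stream ("AAABB") and a 10-byte bomb
 * that declares 8 GiB of output. With a 1 MiB limit the bomb is rejected
 * without allocating anything close to that. */
static const uint8_t BENIGN[] = { 0, 0, 0, 3, 'A', 0, 0, 0, 2, 'B' };
static const uint8_t BOMB[]   = { 0xFF, 0xFF, 0xFF, 0xFF, 'A',
                                  0xFF, 0xFF, 0xFF, 0xFF, 'A' };

int main(void) {
    uint8_t *out = NULL;
    long n = rle_decode_bounded(BENIGN, sizeof BENIGN, &out, 1u << 20);
    free(out);
    long b = rle_decode_bounded(BOMB, sizeof BOMB, &out, 1u << 20);
    return (n == 5 && b == -1) ? 0 : 1;
}
```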

Kwstubbs commented 11 months ago

@amammad Could I get a database for one of these CVEs? Thanks

Kwstubbs commented 3 months ago

@am0o0 Pinging for a CodeQL database so I can start scoring.

ghsecuritylab commented 2 months ago

Your submission is now in status Query review.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

xcorail commented 18 hours ago

Created HackerOne report 2705501 for bounty 616063: [779] [C/C++]: DOS through Decompression