CWE-409 (Improper Handling of Highly Compressed Data (Data Amplification)) — Vulnerability Class 39

39 vulnerabilities classified as CWE-409 (Improper Handling of Highly Compressed Data (Data Amplification)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27460 | Tandoor Recipes Affected by Denial of Service via Recipe Import — recipes | 6.5 | Medium | 2026-04-10 |
| CVE-2026-40148 | PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits — PraisonAI | 6.5 | Medium | 2026-04-09 |
| CVE-2026-39373 | JWCrypto: JWE ZIP decompression bomb — jwcrypto | 5.3 | Medium | 2026-04-07 |
| CVE-2026-3114 | Zip Bomb Denial of Service via Unrestricted Archive Decompression — Mattermost | 6.5 | Medium | 2026-03-26 |
| CVE-2026-32044 | OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation — OpenClaw | 5.5 | Medium | 2026-03-21 |
| CVE-2026-2575 | Keycloak: keycloak: denial of service due to excessive samlrequest decompression — Red Hat build of Keycloak 26.4 | 5.3 | Medium | 2026-03-18 |
| CVE-2026-32630 | file-type affected by ZIP Decompression Bomb DoS via [Content_Types].xml entry — file-type | 5.3 | Medium | 2026-03-13 |
| CVE-2026-23943 | Pre-auth SSH DoS via unbounded zlib inflate — OTP | 7.5 | - | 2026-03-13 |
| CVE-2026-1526 | undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression — undici | 7.5 | High | 2026-03-12 |
| CVE-2026-25962 | MarkUs: Zip bomb in config upload enables DoS — Markus | 6.5 | Medium | 2026-03-06 |
| CVE-2026-27809 | psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps — psd-tools | 6.5 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27571 | nats-server websockets are vulnerable to pre-auth memory DoS — nats-server | 5.9 | Medium | 2026-02-24 |
| CVE-2026-22870 | GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS — guarddog | 7.5 (AI) | High (AI) | 2026-01-13 |
| CVE-2026-22776 | cpp-httplib vulnerable to a denial of service (DOS) using a zip bomb — cpp-httplib | 7.5 (AI) | High (AI) | 2026-01-12 |
| CVE-2026-21441 | urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) — urllib3 | 7.5 | - | 2026-01-07 |
| CVE-2025-69223 | AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb — aiohttp | 7.5 | High | 2026-01-05 |
| CVE-2025-66471 | urllib3 Streaming API improperly handles highly compressed data — urllib3 | 9.8 | - | 2025-12-05 |
| CVE-2025-62708 | pypdf manipulated LZWDecode streams can exhaust RAM — pypdf | 4.3 | - | 2025-10-22 |
| CVE-2025-58057 | Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack — netty | 7.5 (AI) | High (AI) | 2025-09-03 |
| CVE-2025-46730 | Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack — Mobile-Security-Framework-MobSF | 6.8 | Medium | 2025-05-05 |
| CVE-2024-55909 | IBM Concert Software denial of service — Concert Software | 6.5 | Medium | 2025-05-02 |
| CVE-2025-32949 | PeerTube User Import Authenticated Resource Exhaustion | 6.5 | Medium | 2025-04-15 |
| CVE-2025-0986 | IBM PowerVM Hypervisor data manipulation — PowerVM Hypervisor | 4.5 | Medium | 2025-03-28 |
| CVE-2024-12387 | Improper Input Validation in binary-husky/gpt_academic — binary-husky/gpt_academic | 7.5 | - | 2025-03-20 |
| CVE-2024-12886 | Out-Of-Memory (OOM) Vulnerability in ollama/ollama — ollama/ollama | 7.5 | - | 2025-03-20 |
| CVE-2024-7765 | Denial of Service in h2oai/h2o-3 — h2oai/h2o-3 | 7.5 | - | 2025-03-20 |
| CVE-2024-54016 | compression bomb attack in Apache Seata Server — Apache Seata (incubating) | 9.1 | - | 2025-03-20 |
| CVE-2025-30153 | Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter — kin-openapi | 7.5 | High | 2025-03-19 |
| CVE-2024-54682 | Zipbomb DoS via Missing Slack Import Validation — Mattermost | 6.5 | Medium | 2024-12-16 |
| CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability — Microsoft Visual Studio 2022 version 17.6 | 7.5 | High | 2024-11-12 |

Vulnerabilities classified as CWE-409 (Improper Handling of Highly Compressed Data (Data Amplification)) represent 39 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.