Uncontrolled Resource Consumption
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-400: Uncontrolled Resource Consumption |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code copies data from compressed archives (like zip, gzip, or tar) without limiting how much is read. This can allow attackers to trigger a denial-of-service by providing extremely large or highly compressed files (decompression bombs).
Impact
If exploited, an attacker could cause your application to consume excessive memory or disk space, potentially crashing the system or making it unresponsive. This could disrupt service availability and impact other users or processes running on the same server.