1. Home
  2. Weaknesses
  3. CWE-409

CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)

ID CWE-409
Abstraction Base
Structure Simple
Status Incomplete
Number of CVEs 9
Detail Dashboard Vulnerabilities Web & Social
The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

An example of data amplification is a "decompression bomb," a small ZIP file that can produce a large amount of data when it is decompressed.

Modes of Introduction

Phase Note
Architecture and Design
Implementation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-405 Asymmetric Resource Consumption (Amplification) Class Simple Incomplete

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date