CVE-2024-28102: Python Unbounded Zlib Decompression

Unbounded decompression using `zlib.decompress` without checking the size of the compressed data can lead to a Denial of Service (DoS) attack (zip bomb). An attacker can provide a small, highly compressed payload that consumes massive amounts of memory and CPU when decompressed. Check the length of the compressed data before decompressing, or use `zlib.decom

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | python
greprules fetch cve-2024-28102-python-unbounded-zlib-decompression --engine opengrep
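As an added example (not part of the rule or its repository), the pattern the rule flags is shown beside a bounded alternative built on `zlib.decompressobj` and the `max_length` argument of `Decompress.decompress`; the 1 MiB budget, the helper names and the constructed zero-filled payload are choices made for this illustration.

```python
import zlib

# Output budget for this example; a real service sizes this to what it
# actually expects to receive (constructed value, not from the rule).
MAX_OUTPUT = 1 << 20  # 1 MiB


class DecompressionBombError(ValueError):
    """Raised when inflating would exceed the caller's output budget."""


def make_bomb(size, fill=b"\x00"):
    """Constructed sample payload: a few KiB that inflate to `size` bytes."""
    return zlib.compress(fill * size, 9)


def unsafe_inflate(blob):
    # The pattern the rule flags: output size is dictated by the stream, so
    # a small payload makes the process allocate whatever the stream encodes.
    return zlib.decompress(blob)


def bounded_inflate(blob, limit=MAX_OUTPUT):
    """Inflate `blob`, refusing to produce more than `limit` bytes.

    Checking len(blob) alone is not enough: the ratio, not the input size,
    is what the sender controls. Decompress.decompress(data, max_length)
    caps each step's output and parks unread input in unconsumed_tail.
    """
    d = zlib.decompressobj()
    out = bytearray()
    data = blob
    while data:
        # Ask for one byte beyond the remaining budget: if we receive it,
        # the stream is over budget and we stop before inflating the rest.
        out += d.decompress(data, limit - len(out) + 1)
        if len(out) > limit:
            raise DecompressionBombError(
                f"decompressed output exceeds {limit} bytes")
        data = d.unconsumed_tail
    if not d.eof:
        # Input ran out before the stream's end marker and checksum.
        raise zlib.error("truncated or corrupt zlib stream")
    return bytes(out)


if __name__ == "__main__":
    bomb = make_bomb(10_000_000)  # roughly 10 KiB in, 10 MB out
    print(f"payload {len(bomb)} bytes -> {len(unsafe_inflate(bomb))} bytes")
    try:
        bounded_inflate(bomb)
    except DecompressionBombError as exc:
        print("rejected:", exc)
```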


Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
