Vulnerabilities that just won’t die – Compression Bombs
From the post:
Recently Cyberis has reviewed a number of next-generation firewalls and content inspection devices – a subset of the test cases we formed related to compression bombs – specifically delivered over HTTP. The research prompted us to take another look at how modern browsers handle such content given that the vulnerability (or perhaps more accurately, ‘common weakness’ – http://cwe.mitre.org/data/definitions/409.html) has been reported and well known for over ten years. The results surprised us – in short, the majority of web browsers are still vulnerable to compression bombs leading to various denial-of-service conditions, including in some cases, full exhaustion of all available disk space with no user input.
“[F]ull exhaustion of all available disk space with no user input,” sounds bad to me.
Does your topic map software protect itself against compression bombs?
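One way to answer that question for gzip-encoded input is to cap how much output the decompressor may produce. This is an added example, not code from the quoted post or from any topic map product. The names `bounded_gunzip` and `DecompressionLimitExceeded` and the 1 MiB limit are assumptions made for illustration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when the inflated output would exceed the caller's budget."""


def bounded_gunzip(body: bytes, max_output: int) -> bytes:
    """Inflate a single-member gzip body, never producing more than max_output bytes."""
    # 16 + MAX_WBITS selects the gzip container, as used by Content-Encoding: gzip.
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)
    out = bytearray()
    data = body
    while not inflater.eof:
        # Request one byte more than the remaining budget: crossing the limit
        # is detected without inflating the rest of the stream.
        budget = max_output - len(out) + 1
        chunk = inflater.decompress(data, budget)
        out += chunk
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"output exceeds {max_output} bytes from {len(body)} compressed bytes"
            )
        data = inflater.unconsumed_tail
        if not chunk and not data:
            # No input left, no output produced, end-of-stream marker never seen.
            raise ValueError("truncated gzip stream")
    return bytes(out)


def constructed_bomb(inflated_size: int) -> bytes:
    """Constructed sample input: highly repetitive data that compresses ~1000:1."""
    return gzip.compress(b"\0" * inflated_size)


if __name__ == "__main__":
    limit = 1024 * 1024  # illustrative limit, tune per application
    sample = constructed_bomb(10 * 1024 * 1024)
    print(f"compressed size: {len(sample)} bytes")
    try:
        bounded_gunzip(sample, limit)
    except DecompressionLimitExceeded as exc:
        print(f"rejected: {exc}")
    print(bounded_gunzip(gzip.compress(b"<topicMap/>"), limit))
```

The same cap has to be applied wherever the application writes inflated data to disk, since the quoted post reports disk exhaustion as well as memory exhaustion.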