Author nikratio
Recipients Arfrever, christian.heimes, eric.araujo, nadeem.vawda, nikratio, pitrou, serhiy.storchaka
Date 2013-04-21.23:04:35
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1366585475.05.0.848948505443.issue15955@psf.upfronthosting.co.za>
In-reply-to
Content
The lack of output size limiting has security implications as well.

Without being able to limit the size of the uncompressed data returned per call, it is not possible to decompress untrusted lzma or bz2 data without becoming susceptible to a DoS attack, as the attacker can force allocation of gigantic buffers by sending just a tiny amount of compressed data.
History
Date User Action Args
2013-04-21 23:04:35nikratiosetrecipients: + nikratio, pitrou, christian.heimes, nadeem.vawda, eric.araujo, Arfrever, serhiy.storchaka
2013-04-21 23:04:35nikratiosetmessageid: <1366585475.05.0.848948505443.issue15955@psf.upfronthosting.co.za>
2013-04-21 23:04:35nikratiolinkissue15955 messages
2013-04-21 23:04:35nikratiocreate