📅 Original date posted:2015-12-02 📝 Original message:> On 02 Dec 2015, at ...

2023-06-07 17:45:28

📅 Original date posted:2015-12-02
📝 Original message:> On 02 Dec 2015, at 00:44, Simon Liu <simon at bitcartel.com> wrote:
>
> Hi Matt/Pavel,
>
> Why is it scary/undesirable? Thanks.

Select your preferable compression library and google for it with +CVE.

E.g. in zlib:

http://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-1820/GNU-Zlib.html

…allows remote attackers to cause a denial of service (crash) via a crafted compressed stream…
…allows remote attackers to cause a denial of service (application crash)…
etc.

Do you want to expose such lib to the potential attacker?
--
Pavel Janík

Author Public Key

npub16t7f9mxe6a2slagy5m9vxssf54772e2crdczpyk4c97nvletewhq0jv5ke

Seen on

wss://relay.nostr.band

Show more details

Pavel Janík [ARCHIVE] on Nostr: 📅 Original date posted:2015-12-02 📝 Original message:> On 02 Dec 2015, at ...