Reddit NetSec

CVE Database V5

AlienVault OTX General

Exploit-DB RSS Feed

Reddit InfoSec News

CIRCL OSINT Feed

ThreatFox MISP Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.

CVE-2024-55909 is a vulnerability identified in IBM Concert Software versions 1.0.0 through 1.0.5, classified under CWE-409, which pertains to improper handling of highly compressed data leading to data amplification. The core issue arises when an authenticated user uploads or processes archive files that are highly compressed. During the decompression or expansion phase, the software fails to properly control resource consumption, such as CPU and memory usage, which can be significantly amplified due to the nature of the compressed data. This uncontrolled resource consumption can result in a denial of service (DoS) condition, where the application or the underlying system becomes unresponsive or crashes due to exhaustion of resources. The vulnerability requires the attacker to have authenticated access, but no user interaction beyond that is necessary. The CVSS v3.1 base score is 6.5, indicating a medium severity level, with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, meaning the attack can be launched remotely over the network with low attack complexity, requires privileges (authenticated user), no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability. No known exploits are reported in the wild yet, and no patches have been linked at the time of this analysis. The vulnerability is specifically tied to the expansion of archive files without adequate resource consumption controls, making it a classic resource exhaustion or amplification attack scenario within the IBM Concert Software environment.

Detailed information about CVE-2024-55909: CWE-409 Improper Handling of Highly Compressed Data (Data Amplification) in IBM Concert Software affecting IBM Concer

CVE-2024-55909: CWE-409 Improper Handling of Highly Compressed Data (Data Amplification) in IBM Concert Software - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-55909: CWE-409 Improper Handling of Highly Compressed Data (Data Amplification) in IBM Concert Software

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors.  MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, in versions up to and including 4.3.2, this functionality lacks a check on the total uncompressed size of the ZIP file, making it vulnerable to a ZIP of Death (zip bomb) attack. Due to the absence of safeguards against oversized extractions, an attacker can craft a specially prepared ZIP file that is small in compressed form but expands to a massive size upon extraction. Exploiting this, an attacker can exhaust the server's disk space, leading to a complete denial of service (DoS) not just for MobSF, but also for any other applications or websites hosted on the same server. This vulnerability can lead to complete server disruption in an organization which can affect other internal portals and tools too (which are hosted on the same server). If some organization has created their customized cloud based mobile security tool using MobSF core then an attacker can exploit this vulnerability to crash their servers. Commit 6987a946485a795f4fd38cebdb4860b368a1995d fixes this issue. As an additional mitigation, it is recommended to implement a safeguard that checks the total uncompressed size of any uploaded ZIP file before extraction. If the estimated uncompressed size exceeds a safe threshold (e.g., 100 MB), MobSF should reject the file and notify the user.

CVE-2025-46730 is a vulnerability in the Mobile-Security-Framework-MobSF, a widely used mobile application security testing tool. MobSF allows users to upload ZIP files for static analysis, which are then automatically extracted and stored on the server. Versions up to and including 4.3.2 do not impose any limits on the total uncompressed size of uploaded ZIP files. This flaw enables a ZIP of Death (zip bomb) attack, where an attacker crafts a maliciously compressed ZIP archive that is small in size but expands to an extremely large size upon extraction. Exploiting this vulnerability can exhaust the server's disk space, resulting in a denial of service (DoS) condition. Since MobSF is often deployed on centralized internal or cloud-based servers that host multiple security tools and web applications, the impact extends beyond MobSF itself, potentially disrupting other critical internal portals and services hosted on the same infrastructure. The vulnerability requires an attacker with at least some level of authenticated access (as indicated by the CVSS vector PR:H) but does not require user interaction. The vulnerability affects confidentiality and integrity minimally but severely impacts availability by causing server resource exhaustion. The issue has been addressed in a commit (6987a946485a795f4fd38cebdb4860b368a1995d) that implements checks on the uncompressed size of ZIP files before extraction. A recommended mitigation is to reject ZIP files whose estimated uncompressed size exceeds a safe threshold (e.g., 100 MB), preventing resource exhaustion. No known exploits are reported in the wild as of now.

Detailed information about CVE-2025-46730: CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) in MobSF Mobile-Security-Framework-MobSF af

CVE-2025-46730: CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) in MobSF Mobile-Security-Framework-MobSF - Live Threat Intelligence - Threat Radar | OffSeq.com

Title	Severity	Type	Source	Date

Threats Tagged 'cwe-409'

Filter Threats

Threats Tagged 'cwe-409'

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility