data amplification
About this tag
The data amplification tag on WindowsForum.com covers security vulnerabilities where an attacker exploits compression to cause disproportionate resource consumption. A key example is CVE-2024-28180 in the Go JOSE library, where a crafted JWE token forces decompression of highly compressed data, leading to CPU and memory exhaustion and potential denial-of-service. Discussions focus on understanding the flaw, its impact on services using Decrypt or DecryptMulti without limits, and applying patches. The tag is relevant for developers and IT professionals working with JSON Web Encryption and seeking to mitigate data amplification attacks in their applications.
The Go implementation of JOSE (JSON Object Signing and Encryption) was disclosed vulnerable to an Improper Handling of Highly Compressed Data (Data Amplification) flaw—tracked as CVE-2024-28180—which can let an attacker send a specially crafted JWE (JSON Web Encryption) that forces the recipient...