zip bomb
About this tag
A zip bomb is a malicious archive file designed to cause denial of service by consuming excessive system resources (CPU, memory, disk) during extraction. Discussions on WindowsForum cover CVE-2024-0450, a vulnerability in Python's zipfile module that let "quoted-overlap" zip bombs through unchecked: archives whose central-directory entries point at overlapping byte ranges, so one small block of compressed data is inflated over and over while the archive itself stays tiny. The patch causes zipfile to reject archives with overlapping entries, removing that asymmetric resource consumption. While the attack is classed as requiring local access, in practice anything that extracts attacker-supplied archives is exposed: servers, CI pipelines, and appliances using Python for archive processing. Note that an overlap check only defeats this metadata trick; a legitimately structured archive of highly compressible data can still expand by roughly a thousand to one with deflate, so extraction code should also cap total uncompressed size and compression ratio. The tag explores how zip bombs exploit ZIP metadata and the importance of patching Python and related tools to prevent resource exhaustion.
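To make the overlap concrete, here is an added example (not code from the forum, the referenced article, or CPython itself). It hand-assembles a minimal overlapping-entry archive in which every central-directory record points at the same local file header, then runs a detector that sorts entries by local-header offset and requires each entry's data to end before the next header begins, which is the approach the CPython fix takes. The names `build_overlap_bomb`, `build_benign_zip`, `parse_central_directory`, `find_overlapping_entries`, `declared_expansion_ratio` and `zipfile_rejects` are this example's own, and every archive it handles is constructed in memory; the bomb reuses one filename for all records because CPython cross-checks the directory name against the local header before extracting (the "quoted" variant hides distinct local headers inside the previous entry's deflate stream to get around that, but its byte extents overlap in exactly the same way).

```python
import io
import struct
import zipfile
import zlib

# ZIP record layouts (little-endian), per the PKWARE APPNOTE.
LOCAL_HDR = "<4sHHHHHIIIHH"           # 30 bytes, then name + extra
CENTRAL_HDR = "<4sHHHHHHIIIHHHHHII"    # 46 bytes, then name + extra + comment
EOCD = "<4sHHHHIIH"                    # 22 bytes, then comment
LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"


def build_overlap_bomb(copies=64, payload_size=1 << 20):
    """Constructed bomb: one deflated payload, but `copies` central-directory
    records that all reference its single local header at offset 0."""
    raw = b"\0" * payload_size
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw deflate, as ZIP stores it
    deflated = comp.compress(raw) + comp.flush()
    crc = zlib.crc32(raw) & 0xFFFFFFFF
    name = b"kernel.bin"                             # same name in every record (see lead-in)
    local = struct.pack(LOCAL_HDR, LOCAL_SIG, 20, 0, 8, 0, 0,
                        crc, len(deflated), len(raw), len(name), 0) + name
    body = local + deflated
    record = struct.pack(CENTRAL_HDR, CENTRAL_SIG, 20, 20, 0, 8, 0, 0,
                         crc, len(deflated), len(raw), len(name),
                         0, 0, 0, 0, 0, 0) + name    # last field: local header offset 0
    central = record * copies
    eocd = struct.pack(EOCD, EOCD_SIG, 0, 0, copies, copies,
                       len(central), len(body), 0)
    return body + central + eocd


def build_benign_zip():
    """Constructed control archive written by zipfile itself (no overlap)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", "hello " * 1000)
        zf.writestr("b.txt", "world " * 1000)
    return buf.getvalue()


def parse_central_directory(data):
    """Return ([(start, end, name, uncompressed_size), ...], central_dir_offset).
    [start, end) is the byte range each entry claims: its local header plus
    its compressed data. Assumes no archive comment and no ZIP64."""
    eocd_off = data.rfind(EOCD_SIG)
    if eocd_off < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _, cd_off, _ = struct.unpack_from(EOCD, data, eocd_off)
    entries, pos = [], cd_off
    for _ in range(total):
        f = struct.unpack_from(CENTRAL_HDR, data, pos)
        if f[0] != CENTRAL_SIG:
            raise ValueError("bad central directory record")
        comp_size, uncomp_size, fn_len, ex_len, cm_len, hdr_off = (
            f[8], f[9], f[10], f[11], f[12], f[16])
        name = data[pos + 46:pos + 46 + fn_len].decode("cp437")
        if data[hdr_off:hdr_off + 4] != LOCAL_SIG:
            raise ValueError(f"{name}: offset does not point at a local header")
        # The local header carries its own name/extra lengths; size the extent from them.
        lfn, lex = struct.unpack_from("<HH", data, hdr_off + 26)
        entries.append((hdr_off, hdr_off + 30 + lfn + lex + comp_size, name, uncomp_size))
        pos += 46 + fn_len + ex_len + cm_len
    return entries, cd_off


def find_overlapping_entries(data):
    """Modelled on the CVE-2024-0450 fix: sort by local header offset and require
    each entry to end before the next local header (or the central directory)
    begins. Returns the offending (entry, next_entry) name pairs."""
    entries, cd_off = parse_central_directory(data)
    entries.sort(key=lambda e: e[0])
    overlaps = [(a[2], b[2]) for a, b in zip(entries, entries[1:]) if b[0] < a[1]]
    if entries and entries[-1][1] > cd_off:
        overlaps.append((entries[-1][2], "<central directory>"))
    return overlaps


def declared_expansion_ratio(data):
    """Total size the directory promises, divided by archive size. An overlap
    check does not bound this (a legitimate deflate stream of zeros still
    expands about 1000:1), so an extractor should cap it separately."""
    entries, _ = parse_central_directory(data)
    return sum(e[3] for e in entries) / len(data)


def zipfile_rejects(data):
    """True if this interpreter's zipfile refuses the archive while reading every
    member: a patched CPython raises BadZipFile on the overlapped entries, an
    unpatched one quietly inflates every copy."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    while member.read(1 << 16):
                        pass
    except zipfile.BadZipFile:
        return True
    return False


if __name__ == "__main__":
    bomb = build_overlap_bomb()
    print(f"bomb: {len(bomb)} bytes, declares {declared_expansion_ratio(bomb):.0f}x expansion")
    print("overlapping pairs in bomb:", len(find_overlapping_entries(bomb)))
    print("overlapping pairs in benign archive:", find_overlapping_entries(build_benign_zip()))
    print("this interpreter's zipfile rejects the bomb:", zipfile_rejects(bomb))
```

Running it on a patched interpreter prints `True` for the last line; on an unpatched one the loop inflates all 64 copies of the 1 MiB payload from an archive of about a kilobyte. The detector is the piece worth carrying into your own code: an extractor that walks the central directory this way, and additionally refuses archives whose declared expansion exceeds a policy limit, is covered against both the overlap trick and the plain high-ratio variant regardless of which Python it runs on.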
The discovery and coordinated patching of CVE-2024-0450 closes a subtle but consequential gap in CPython's zipfile module: quoted-overlap zip-bombs that can weaponize compliant ZIP metadata to force excessive, asymmetric resource consumption during extraction. The Python Security Team, upstream...