Zlib Compression Bomb Attack

A type of denial-of-service attack that exploits data compression to overwhelm systems.

Understanding Zlib Compression Bomb Attack


A Zlib Compression Bomb Attack is a denial-of-service (DoS) attack that exploits the Zlib compression library used in various applications, including file compression, network protocols, and web servers. The attack involves highly compressed files that expand to an enormous size, consuming excessive memory and CPU resources, leading to system crashes or slowdowns.

How Zlib Compression Bombs Work



Crafting a Malicious File

  • Attackers create a tiny, highly compressed file (e.g., a few kilobytes) that, when decompressed, expands to gigabytes or terabytes in size.

Triggering Decompression

  • When a system automatically decompresses the file (e.g., in email attachments, web uploads, or antivirus scans), it overloads memory and processing power, causing a crash or slowdown.

Disrupting Services

  • Applications or services relying on automatic decompression may become unresponsive or unusable, leading to denial of service for users.

Preventing Zlib Compression Bomb Attacks


  • Limit File Size Before Decompression – Restrict the maximum extracted file size to prevent system overload.

  • Use Sandboxing for File Analysis – Decompress files in an isolated environment to detect malicious payloads.

  • Monitor Resource Utilization – Detect sudden CPU or memory spikes during decompression.

  • Patch Zlib Library Vulnerabilities – Keep Zlib-based applications updated to fix security flaws.
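
One way to enforce the extracted-size limit from the first item above, shown as an added example (not code from the original page): Python's standard zlib module inflates the stream in bounded chunks and stops as soon as the output exceeds a cap. The names safe_decompress, DecompressionLimitExceeded and make_constructed_sample, and the 1 MiB default cap, are assumptions chosen for illustration.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when the inflated output would exceed the configured cap."""


def safe_decompress(data: bytes, max_output: int = 1 << 20,
                    chunk: int = 64 * 1024) -> bytes:
    """Inflate a zlib stream, aborting once output exceeds max_output bytes."""
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        # Request at most one byte past the remaining budget, so a breach is
        # detected without ever buffering much more than the cap.
        budget = max_output - len(out) + 1
        piece = d.decompress(buf, min(chunk, budget))
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"output exceeds {max_output} bytes "
                f"(compressed input was {len(data)} bytes)")
        # Input not consumed because of the max_length bound is kept here.
        buf = d.unconsumed_tail
        if not piece and not buf:
            # No output, no input left, and no end-of-stream marker seen.
            raise zlib.error("truncated or incomplete zlib stream")
    return bytes(out)


def make_constructed_sample(size: int = 8 << 20) -> bytes:
    """Constructed test input: `size` zero bytes compressed at level 9."""
    return zlib.compress(b"\0" * size, 9)


if __name__ == "__main__":
    sample = make_constructed_sample()
    print(f"compressed size: {len(sample)} bytes")
    try:
        safe_decompress(sample)
    except DecompressionLimitExceeded as exc:
        print(f"rejected: {exc}")
```

The check happens on the decompressed byte count rather than on the compressed input size, since a small input says nothing about how large the output will be.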