Skip to main content

Improper Handling of Highly Compressed Data (Data Amplification)

CVE-2023-0821

Severity Medium
Score 6.5/10

Summary

HashiCorp Nomad and Nomad Enterprise in versions 1.2.15, 1.3.0-beta.1 through 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

Advisory Timeline

  • Published