Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2023-0821
Summary
HashiCorp Nomad and Nomad Enterprise in versions 1.2.15, 1.3.0-beta.1 through 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
References
Advisory Timeline
- Published