Improper Handling of Highly Compressed Data (Data Amplification)

CVE-2024-12387

Medium

6.5/10

Summary

A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

References

Advisory Timeline

Published Mar 20, 2025

Improper Handling of Highly Compressed Data (Data Amplification)

CVE-2024-12387

Summary

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS