CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
low-riskThe product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
Abstraction: Base
Common Consequences
Availability
→
DoS: Amplification
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-28180 | 4.3 | 4.9% | — |
| CVE-2024-43499 | 7.5 | 0.7% | — |
| CVE-2023-26483 | 5.3 | 0.6% | — |
| CVE-2023-0821 | 6.5 | 0.5% | — |
| CVE-2024-54016 | 4.3 | 0.4% | — |
| CVE-2017-16129 | 5.9 | 0.4% | — |
| CVE-2025-66909 | 7.5 | 0.3% | — |
| CVE-2025-30153 | 7.5 | 0.3% | — |
| CVE-2025-46730 | 6.8 | 0.3% | — |
| CVE-2024-28101 | 7.5 | 0.3% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal