According to Cara Marie, an archive bomb, a.k.a. a zip bomb, is often employed to disable antivirus software in order to create an opening for more traditional viruses. In addition, various kinds of pitfalls may occur during decompression.
It usually appears as a relatively small zip file whose unzipped contents are much larger than the archive itself.
This causes problems when the available disk space or memory is smaller than the unzipped contents.
How do we defend against a zip bomb?
Defense Layer 1 - checks performed on the server side.
1. Check if it's a nested zip file. (i.e. 42.zip)
2. Check if the compression ratio (Uncompressed Content/Compressed Content) is greater than the threshold.
3. Check if the file format is the one expected for the context.
4. Check that the upload file size does not exceed the maximum limit.
Defense Layer 2 - limit the resources available to the process and its children.
1. Check if CPU time is greater than the threshold.
2. Check if the extracted part in memory is oversized. (memory usage)
Defense Layer 3 - filetype-specific mitigations.
Filetype: Archives
1. Restrict output file size and number of extracted files to ensure the total doesn't exceed the maximum limit.
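
The Layer 1 and Layer 3 checks above, sketched in Python as an added example (not code from this repository). The threshold values and the names inspect_archive and make_zip are assumptions made for the illustration; Layer 2 limits are enforced by the operating system and are not shown.

```python
import io
import zipfile

# Thresholds are assumptions for this example; tune them per application.
MAX_UPLOAD_BYTES = 10 * 1024 * 1024   # Layer 1: maximum upload size
MAX_RATIO = 100                       # Layer 1: uncompressed / compressed
MAX_FILES = 1000                      # Layer 3: number of extracted files
MAX_TOTAL_BYTES = 50 * 1024 * 1024    # Layer 3: total extracted size


def inspect_archive(data: bytes) -> list[str]:
    """Return policy violations; an empty list means the archive passed."""
    if len(data) > MAX_UPLOAD_BYTES:
        return ["upload exceeds maximum size"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not a zip archive"]
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
        if len(entries) > MAX_FILES:
            return ["too many files"]
        total = 0
        for info in entries:
            produced, head = 0, b""
            # Count bytes as they are decompressed and stop at the limit,
            # instead of extracting first and measuring afterwards.
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    head = head or chunk[:4]
                    produced += len(chunk)
                    total += len(chunk)
                    if total > MAX_TOTAL_BYTES:
                        return problems + ["total extracted size exceeds limit"]
            # A member that is itself a zip (by signature or name) is nested.
            if head == b"PK\x03\x04" or info.filename.lower().endswith(".zip"):
                problems.append(f"nested archive: {info.filename}")
            if produced / max(info.compress_size, 1) > MAX_RATIO:
                problems.append(f"compression ratio too high: {info.filename}")
    return problems


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

The archive is read in memory here and nothing is written to disk; an upload handler would run these checks before any extraction step.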