Request/response decompression checks the size of compressed instead of decompressed bytes

@adtrevor

Impact

When using the .size decompression limit, request & response decompression checks the size of compressed instead of decompressed bytes which allows to remotely cause a denial-of-service in a client/server.

Patches

Released on swift-nio-extras version 1.4.1.

Workarounds

Use the .ratio decompression limit.

Thanks

Many thanks to @adtrevor for the bug report & fix.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Request/response decompression checks the size of compressed instead of decompressed bytes

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

Thanks

Severity

CVE ID

Weaknesses

Credits