Rapid7 VulnDB

Gzip Memory Bomb Denial Of Service

Back to Search

Gzip Memory Bomb Denial Of Service

Disclosed
01/01/2004
Created
05/30/2018

Description

This module generates and hosts a 10MB single-round gzip file that decompresses to 10GB. Many applications will not implement a length limit check and will eat up all memory and eventually die. This can also be used to kill systems that download/parse content from a user-provided URL (image-processing servers, AV, websites that accept zipped POST data, etc). A FILEPATH datastore option can also be provided to save the .gz bomb locally. Some clients (Firefox) will allow for multiple rounds of gzip. Most gzip utils will correctly deflate multiple rounds of gzip on a file. Setting ROUNDS=3 and SIZE=10240 (default value) will generate a 300 byte gzipped file that expands to 10GB.

Author(s)

  • info <info@aerasec.de>
  • joev <joev@metasploit.com>

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/dos/http/gzip_bomb_dos
msf auxiliary(gzip_bomb_dos) > show actions
    ...actions...
msf auxiliary(gzip_bomb_dos) > set ACTION < action-name >
msf auxiliary(gzip_bomb_dos) > show options
    ...show and set options...
msf auxiliary(gzip_bomb_dos) > run 

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;