Author: Pavel JanÃk 2015-12-02 06:47:28
Published on: 2015-12-02T06:47:28+00:00
In an email conversation on December 2, 2015, Simon Liu asks Matt and Pavel why it is scary or undesirable to select a compression library and search for it with +CVE. Pavel suggests searching for CVEs in the selected compression library and provides an example using zlib. He notes that the CVE details for zlib show vulnerabilities that allow remote attackers to cause a denial of service or application crash. Pavel questions whether it is wise to expose such a library to potential attackers.
Updated on: 2023-06-11T01:31:25.226175+00:00