...
CWE-409, Improper handling of highly compressed data (data amplification) | |
Secure Coding Guidelines for the Java Programming Language, Version 3.0 | Guideline 2-5, Check that inputs do not cause excessive resource consumption |
Android Implementation Details
The Android Master Key vulnerability (insecure use of ZipEntry) is not a direct violation of this rule, but it is related to it. Another attack vector, found by a Chinese researcher, is also related to this rule.
Bibliography
...