JWEObject.decrypt must reject compressed ciphertexts that are too large

Issue #545 resolved
Vladimir Dzhuvinov created an issue

Proposed cut-off: 250 KBytes.

Implement a max length of 100K chars (ciphertext of compressed plaintext).

Comments (5)

  1. Marten Vogel

    Hi Vladimir,

    I am a developer using Nimbus for the transmission of much larger (compressed) payloads than the now enforced 100_000 chars.
    I would be more than grateful if you could give some feedback on why the decision to restrict the compressed plaintext was made.

    Thank you so much in advance!

    Best regards,
    Martin

  2. Vladimir Dzhuvinov reporter

    Hi Marten,

    A recent sec audit revealed that without a limit on the compressed payload, lib deployments can be vulnerable to ZIP bomb attacks:

    https://en.wikipedia.org/wiki/Zip_bomb

    We are trying to figure out a way to configure the limit, but we first had to close this path to exploit compression with JWEs.

    I suggest you go back to a previous version until we figure out how to make this configurable via the lib API.
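
The issue description caps the length of the compressed ciphertext; the comment above explains that the motivation is a zip (decompression) bomb. A cap on the compressed input alone is a coarse control, because raw DEFLATE can expand by up to roughly 1032:1 (one length/distance pair of as few as two bits can emit 258 bytes), so 100K chars of ciphertext could still inflate to on the order of 100 MB. The check a practitioner usually wants sits on the inflated output instead. The following is an added example written for this page, not Nimbus JOSE+JWT code and not its API: it uses only java.util.zip, treats the JWE "zip":"DEF" payload as raw DEFLATE (RFC 1951, hence nowrap=true on both sides), and aborts inflation as soon as the output would exceed a configurable limit. The class name, the `inflateBounded` method, the `DecompressionBombException` type and the 16 MiB constructed "bomb" are all assumptions made for the example.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

/**
 * Added example (not Nimbus code): bounded inflation of a raw-DEFLATE payload,
 * the encoding JWE uses for "zip":"DEF". The limit is enforced on the
 * *inflated* output, chunk by chunk, so a decompression bomb is rejected
 * before its full size is ever allocated.
 */
public final class BoundedInflate {

    /** Thrown when the inflated size would exceed the configured limit (hypothetical type). */
    public static final class DecompressionBombException extends Exception {
        public DecompressionBombException(String msg) { super(msg); }
    }

    /** Raw-DEFLATE compression helper so the example runs stand-alone. */
    public static byte[] deflate(byte[] input) {
        Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION, true); // nowrap: no zlib header
        try {
            deflater.setInput(input);
            deflater.finish();
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[8192];
            while (!deflater.finished()) {
                out.write(buf, 0, deflater.deflate(buf));
            }
            return out.toByteArray();
        } finally {
            deflater.end();
        }
    }

    /**
     * Inflates raw-DEFLATE data, failing as soon as the accumulated output
     * would exceed maxOutputBytes. Truncated or dictionary-dependent streams
     * are rejected as malformed rather than looped on.
     */
    public static byte[] inflateBounded(byte[] compressed, int maxOutputBytes)
            throws DataFormatException, DecompressionBombException {
        Inflater inflater = new Inflater(true); // nowrap: raw DEFLATE as in JWE
        try {
            inflater.setInput(compressed);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[8192];
            while (!inflater.finished()) {
                int n = inflater.inflate(buf);
                if (n == 0 && !inflater.finished()) {
                    // Input exhausted (truncated stream) or a preset dictionary
                    // is required; neither is legitimate for a JWE payload.
                    throw new DataFormatException("truncated or invalid DEFLATE stream");
                }
                if (out.size() + n > maxOutputBytes) {
                    throw new DecompressionBombException(
                        "inflated payload exceeds " + maxOutputBytes + " bytes");
                }
                out.write(buf, 0, n);
            }
            return out.toByteArray();
        } finally {
            inflater.end();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: 16 MiB of zeros shrinks to a few KB of DEFLATE,
        // the same shape as a decompression bomb.
        byte[] bomb = new byte[16 * 1024 * 1024];
        byte[] compressedBomb = deflate(bomb);
        System.out.println("compressed bomb size: " + compressedBomb.length + " bytes");

        // A small, legitimate payload (constructed sample claims) inflates normally under the cap.
        byte[] claims = "{\"sub\":\"alice\",\"scope\":\"read\"}".getBytes(StandardCharsets.UTF_8);
        byte[] roundTrip = inflateBounded(deflate(claims), 100_000);
        System.out.println("round trip ok: " + Arrays.equals(roundTrip, claims));

        // The bomb is rejected as soon as the output crosses 100 000 bytes,
        // long before 16 MiB is materialised.
        try {
            inflateBounded(compressedBomb, 100_000);
            System.out.println("unexpected: bomb accepted");
        } catch (DecompressionBombException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac BoundedInflate.java && java BoundedInflate`. The same chunked check can be applied to any compressed-then-encrypted input, and a deployment that legitimately needs larger payloads (as in the first comment) raises `maxOutputBytes` for that path rather than removing the limit.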
