These are highly compressed files that, when opened, expand into petabytes of data, causing a Denial of Service (DoS) by exhausting system memory.
Malicious custom ZIP extraction logic has been identified in npm packages to steal credentials from developer workstations. Community and Creativity: Modding and Customization ENVIRONMENTAL IMPACTS OF THE DIGITAL ECONOMY custom.zip
Known as "Zip Slip," this vulnerability allows attackers to write arbitrary files to a system during the extraction process, potentially leading to remote code execution. These are highly compressed files that, when opened,
While utilitarian, custom archives present significant security challenges. Attackers often craft malicious ZIP files—sometimes called "custom zip bombs"—designed to bypass standard antivirus scanners by exploiting semantic gaps between different parser implementations. These are highly compressed files that