[HN Gopher] Visual Studio 2022 ate up 100 GB of memory and what ...
       ___________________________________________________________________
        
       Visual Studio 2022 ate up 100 GB of memory and what XML bomb is
        
       Author : AndreyKarpov
       Score  : 9 points
       Date   : 2021-10-31 20:08 UTC (2 hours ago)
        
 (HTM) web link (pvs-studio.com)
 (TXT) w3m dump (pvs-studio.com)
        
       | ducharmdev wrote:
       | Interesting, I wonder if a NuGet package could act as a vehicle
       | for this. Since this post is about a preview version though, have
       | they addressed this for the final release next month?
        
       | gnabgib wrote:
       | Many, many tools/scanners will fall prey to XML, YAML and zip
       | bombs because of the nature of the decoder. There's not a good
       | reason why you're deliberately running a processor on these
       | exploits unless you thought the file was safe (supply chain
       | attack?), you made a mistake (set timeout=0), or want to make a
       | point.
       | 
       | The conclusion is particularly egregious: "This is how we -
       | unexpectedly - saw an XML bomb in action. It was very interesting
       | to explore a real-life popular application and find something
       | like this". A deliberately crafted bomb, opened in a not-yet-
       | popular preview, isn't an unexpected or real-life situation. Maybe
       | their analyzer helps, but this isn't convincing.
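
Added example (not part of the thread or the linked article): one way a tool that must read untrusted XML can avoid the decoder behaviour described in the comment above is to abort at the first entity declaration, before anything is expanded. The names `scan_untrusted_xml` and `MAX_INPUT_BYTES` and both sample documents are constructed for this illustration.

```python
import xml.parsers.expat


class EntityDeclarationRejected(ValueError):
    """Raised when untrusted XML tries to declare an entity."""


MAX_INPUT_BYTES = 1_000_000  # assumed cap for this example; tune per tool


def scan_untrusted_xml(data: bytes) -> list:
    """Return element names in document order, refusing entity declarations.

    Entity-expansion bombs need <!ENTITY ...> declarations in the DTD, so the
    parse is aborted at the first declaration, before any expansion happens.
    """
    if len(data) > MAX_INPUT_BYTES:
        raise ValueError("input larger than MAX_INPUT_BYTES")

    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Exceptions raised in an expat handler propagate out of Parse().
        raise EntityDeclarationRejected("entity declaration %r refused" % name)

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


# Constructed samples: a benign document and a tiny nested-entity document.
BENIGN = b"<config><item key='a'/><item key='b'/></config>"
NESTED = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE d [<!ENTITY a "x"><!ENTITY b "&a;&a;">]>'
    b"<d>&b;</d>"
)

if __name__ == "__main__":
    print(scan_untrusted_xml(BENIGN))
    try:
        scan_untrusted_xml(NESTED)
    except EntityDeclarationRejected as exc:
        print("rejected:", exc)
```

Documents that legitimately rely on internal entities will be refused by this policy, so it fits scanners and importers that only expect plain data files.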
        
       ___________________________________________________________________
       (page generated 2021-10-31 23:02 UTC)