> On 02 Dec 2015, at 00:44, Simon Liu <si...@bitcartel.com> wrote:
> 
> Hi Matt/Pavel,
> 
> Why is it scary/undesirable?  Thanks.

Select your preferred compression library and google for it with +CVE.

E.g. in zlib:

http://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-1820/GNU-Zlib.html

…allows remote attackers to cause a denial of service (crash) via a crafted 
compressed stream…
…allows remote attackers to cause a denial of service (application crash)…
etc.

Do you want to expose such a lib to a potential attacker?
--  
Pavel Janík




_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev