Jump to content

Algorithmic complexity attack

From Wikipedia, the free encyclopedia

An algorithmic complexity attack (ACA) is a form of attack in which an attacker sends a pattern of requests to a computer system that triggers the worst-case performance of the algorithms it uses. In turn, this may exhaust the resources the system uses.[1] Examples of such attacks include ReDOS,[2] zip bombs and exponential entity expansion attacks.


  1. ^ Crosby, Scott A.; Wallach, Dan S. (2003). "Denial of Service via Algorithmic Complexity Attacks". Proceedings of the 12th USENIX Security Symposium.
  2. ^ "Regular expression Denial of Service - ReDoS | OWASP Foundation". owasp.org. Retrieved 2023-10-17.

Related works[edit]