Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-2457-2263-MM9F
HistoryJan 21, 2022 - 11:19 p.m.

Memory leak in micronaut-core

2022-01-2123:19:36
CWE-400
GitHub Advisory Database
github.com
26
micronaut-core
memory leak
vulnerability
patch
workaround
content type
conversionservice.

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

40.1%

JSON

Impact

Sending an invalid Content Type header leads to memory leak in DefaultArgumentConversionContext as this type is erroneously used in static state.

Patches

The problem is patched in Micronaut 3.2.7 and above.

Workarounds

The default content type binder can be replaced in an existing Micronaut application to mitigate the issue:

package example;

import java.util.List;
import io.micronaut.context.annotation.Replaces;
import io.micronaut.core.convert.ConversionService;
import io.micronaut.http.MediaType;
import io.micronaut.http.bind.DefaultRequestBinderRegistry;
import io.micronaut.http.bind.binders.RequestArgumentBinder;
import jakarta.inject.Singleton;

@Singleton
@Replaces(DefaultRequestBinderRegistry.class)
class FixedRequestBinderRegistry extends DefaultRequestBinderRegistry {

    public FixedRequestBinderRegistry(ConversionService conversionService,
                                      List<RequestArgumentBinder> binders) {
        super(conversionService, binders);
    }

    @Override
    protected void registerDefaultConverters(ConversionService<?> conversionService) {
        super.registerDefaultConverters(conversionService);
        conversionService.addConverter(CharSequence.class, MediaType.class, charSequence -> {
            try {
                return MediaType.of(charSequence);
            } catch (IllegalArgumentException e) {
                return null;
            }
        });
    }
}

References

Commit that introduced the vulnerability https://github.com/micronaut-projects/micronaut-core/commit/b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3

For more information

If you have any questions or comments about this advisory:

Affected configurations

Vulners
Node
io.micronautmicronaut-httpRange<3.2.7
VendorProductVersionCPE
io.micronautmicronaut-http*cpe:2.3:a:io.micronaut:micronaut-http:*:*:*:*:*:*:*:*

Related

veracode 1
cvelist 1
prion 1
cnvd 1
osv 2
nvd 1
cve 1
veracode
veracode
Denial Of Service (DoS)
2022-01-20 13:37:10
cvelist
cvelist
CVE-2022-21700 Memory leak in micronaut-core
2022-01-18 22:15:13
prion
prion
Memory corruption
2022-01-18 23:15:00
cnvd
cnvd
Object Computing micronaut resource management error vulnerability
2022-01-19 00:00:00
osv
osv
CVE-2022-21700
2022-01-18 23:15:08
Memory leak in micronaut-core
2022-01-21 23:19:36
nvd
nvd
CVE-2022-21700
2022-01-18 23:15:08
cve
cve
CVE-2022-21700
2022-01-18 23:15:08

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

40.1%

JSON
Related for GHSA-2457-2263-MM9F
veracode1cvelist1prion1cnvd1osv2nvd1cve1