hackerone M31007 H1:1511843
Mar 15, 2022 - 12:16 a.m.

Monero: monerod JSON RPC server remote DoS

2022-03-15 00:16:28
m31007
hackerone.com
10

The Monero daemon (monerod) does not limit the Content-Length value when processing incoming HTTP requests.
We can force monerod to allocate an arbitrary amount of memory.

How to reproduce:

  1. Compile Monero: https://github.com/monero-project/monero

  2. Run it:
    $ ulimit -Sv 1000000000
    $ ./bin/monerod --rpc-login test:test --rpc-bind-ip 0.0.0.0 --confirm-external-bind

  3. Run the attached script m1.py:
    $ python2 ./m1.py 192.168.1.34

  4. After some time, the OOM killer will stop monerod.

Impact

The monerod process can be stopped remotely; no authentication is required.
Access to the JSON RPC port is enough.
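
The missing check described above, sketched as an added example: the declared Content-Length is parsed strictly and compared against a cap before any body buffer is reserved. This is not monerod or epee code and not the project's fix; the function names, the `BodyDecision` enum and the 1 MiB cap are assumptions made for the illustration.

```cpp
#include <cstdint>
#include <string>

// Assumed cap for this sketch; size it to the largest legitimate RPC request.
constexpr std::uint64_t kMaxBodyBytes = 1024 * 1024;

enum class BodyDecision { Accept, RejectMalformed, RejectTooLarge };

// Strict parse of a Content-Length value: ASCII digits only, no sign, no overflow.
bool parse_content_length(const std::string& value, std::uint64_t& out) {
    std::size_t b = value.find_first_not_of(" \t");
    if (b == std::string::npos) return false;           // empty or whitespace only
    std::size_t e = value.find_last_not_of(" \t");
    std::uint64_t n = 0;
    for (std::size_t i = b; i <= e; ++i) {
        char c = value[i];
        if (c < '0' || c > '9') return false;           // rejects "-1", "12abc", "1 2"
        std::uint64_t d = static_cast<std::uint64_t>(c - '0');
        if (n > (UINT64_MAX - d) / 10) return false;    // n * 10 + d would wrap
        n = n * 10 + d;
    }
    out = n;
    return true;
}

// Called after the headers are parsed and before any memory is reserved for the body.
BodyDecision check_body_length(const std::string& header_value,
                               std::uint64_t limit = kMaxBodyBytes) {
    std::uint64_t len = 0;
    if (!parse_content_length(header_value, len)) return BodyDecision::RejectMalformed;
    if (len > limit) return BodyDecision::RejectTooLarge;
    return BodyDecision::Accept;
}

// Append received bytes only while the total stays within the validated length,
// so the buffer grows with data actually received, never with the declared size.
bool append_body_chunk(std::string& body, const std::string& chunk,
                       std::uint64_t declared_len) {
    if (body.size() > declared_len || chunk.size() > declared_len - body.size())
        return false;                                   // more data than declared
    body.append(chunk);
    return true;
}

int main() {
    // Constructed header value, not captured traffic.
    return check_body_length("1000000000000") == BodyDecision::RejectTooLarge ? 0 : 1;
}
```

A server using a check like this would answer a rejected request with an error status and close the connection rather than waiting for the body.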