6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
29.4%
Curl does not prevent resource consumption when processing certain header types, but keeps on allocating more and more resources until the application terminates (or the system crashes, see below).
The attack vectors include (at least):
Transfer-Encoding
with repeated encodings such as โgzip,gzip,gzip,โฆโCURLOPT_ACCEPT_ENCODING
is set sending many Content-Encoding
with repeated encodings such as โgzip,gzip,gzip,โฆโSet-Cookie
with unique cookie names and about 4kbyte value1.Run the following HTTP server:
perl -e 'print "HTTP/1.1 200 OK\r\n";for (my $i=0; $i < 10000000; $i++) { printf "Transfer-Encoding: " . "gzip," x 20000 . "\r\n"; }' | nc -v -l -p 9999
2. curl http://localhost:9999
The application will terminate when it runs out of memory.
On macOS the app dies due to OOM:
Killed: 9
$ echo $?
137
On linux itโs the same:
Killed
$ echo $?
137
When targeting Windows 11 system the system would stop responding. Once the attack script was terminated the system would not recover after 10 minutes of waiting. While it was possible to log on to the system the display would remain black. Rebooting the system was necessary to recover the system to a working state. This of course is likely due to bugs in the Windows operating system or drivers.
On other platforms nasty effects may also occur, such as causing extreme swapping or a system crash. Depending on how the system handles the application gobbling all memory it may result in collateral damage, for example when kernel attempts to release system resources by killing processes.
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
29.4%