huntr | nehalr777 | F9FEDF94-41C9-49C4-8552-E407123A44E7
Sep 24, 2022 - 11:47 a.m.

No Limit in "title" length while adding SSH key, results in memory consumption/DOS attack

2022-09-24 11:47:17
nehalr777
www.huntr.dev
11
ssh key
memory consumption
dos attack
fixed length
mitigation

EPSS

0.001

Percentile

37.9%

Description

There must be a fixed maximum length for user input parameters such as “title” when adding an SSH key. Allowing users to enter long strings may result in a DOS attack or memory corruption.

Proof of Concept

1) Go to the https://rdiffweb-demo.ikus-soft.com/prefs/sshkeys# endpoint.
2) Click on add SSH key.
3) Here you will see that there is no limit on the “title” while adding an SSH key, which allows a user to set a very long string, as long as 1 million characters.
4) This may possibly result in a memory corruption/DOS attack.

Mitigation: There must be a fixed maximum length for the “title” while adding an SSH key, up to 256 characters.
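
A server-side check in the spirit of this mitigation, as an added example and not rdiffweb's code or its actual fix. The form field names `title` and `key` and the 16 KiB body cap are assumptions; the 256-character limit is the one the report proposes.

```python
from urllib.parse import parse_qs

MAX_TITLE_LEN = 256          # limit proposed in the report's mitigation
MAX_BODY_BYTES = 16 * 1024   # assumption: ample for one public key plus a title


class FormError(ValueError):
    """Raised when the submitted form violates a size or presence rule."""


def parse_sshkey_form(body: bytes) -> dict:
    """Validate a urlencoded 'add SSH key' form body (hypothetical field names).

    The body-size check runs before any decoding, so an oversized request is
    rejected without allocating decoded copies of it.
    """
    if len(body) > MAX_BODY_BYTES:
        raise FormError("request body too large")
    try:
        fields = parse_qs(body.decode("utf-8"), keep_blank_values=True,
                          max_num_fields=10)
    except ValueError as exc:  # bad UTF-8 or too many fields
        raise FormError("malformed form body") from exc
    title = fields.get("title", [""])[0].strip()
    key = fields.get("key", [""])[0].strip()
    if not title:
        raise FormError("title is required")
    # Count characters after decoding, so percent-encoding cannot hide length.
    if len(title) > MAX_TITLE_LEN:
        raise FormError(f"title must be at most {MAX_TITLE_LEN} characters")
    if not key:
        raise FormError("key is required")
    return {"title": title, "key": key}


def rejection_reason(body: bytes):
    """Return the validation error message for body, or None if accepted."""
    try:
        parse_sshkey_form(body)
    except FormError as exc:
        return str(exc)
    return None
```

The limit has to be enforced on the server; a `maxlength` attribute on the HTML input alone does not constrain a client that posts the form directly.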
