Actions
Security #6306
closed
PA
PA
mime: quadratic complexity in MimeDecAddEntity
Security #6306:
mime: quadratic complexity in MimeDecAddEntity
Affected Versions:
Label:
CVE:
Git IDs:
Severity:
CRITICAL
Disclosure Date:
Description
Found by quadfuzz
500 kilobytes pcap takes 40 seconds to process, just spending time adding to a linked list
The fuzz input to fuzz_mimedecparseline is
content-Type:;boundary=; -- -- --
With the lines repeating many times
Solution to add to a linked list should be to keep the tail known
Files
PA Updated by Philippe Antoine over 2 years ago
- Status changed from New to In Review
- Assignee changed from OISF Dev to Philippe Antoine
Gitlab MR
OT Updated by OISF Ticketbot over 2 years ago
- Subtask #6363 added
OT Updated by OISF Ticketbot over 2 years ago
- Label deleted (
Needs backport to 6.0)
VJ Updated by Victor Julien over 2 years ago
- Severity changed from MODERATE to CRITICAL
PA Updated by Philippe Antoine over 2 years ago
I wonder if there is the same issue with AddDataValue
PA Updated by Philippe Antoine over 2 years ago
Philippe Antoine wrote in #note-5:
I wonder if there is the same issue with
AddDataValue
No, because it is bound by mdcfg->header_value_depth
SB Updated by Shivani Bhardwaj over 2 years ago
- Status changed from In Review to Resolved
VJ Updated by Victor Julien over 2 years ago
- Status changed from Resolved to Closed
VJ Updated by Victor Julien over 2 years ago
- Private changed from Yes to No
Actions