Project

General

Profile

Actions
Copy link

Security #6306

closed

mime: quadratic complexity in MimeDecAddEntity

Added by Philippe Antoine 8 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
7.0.2
Affected Versions:
Label:
CVE:
Git IDs:
Severity:
CRITICAL
Disclosure Date:

Description

Found by quadfuzz

500 kilobytes pcap takes 40 seconds to process, just spending time adding to a linked list

The fuzz input to fuzz_mimedecparseline is

content-Type:;boundary=;

--

--

--

With the lines repeating many times

Solution to add to a linked list should be to keep the tail known

Files

lol.pcap (438 KB) lol.pcap Philippe Antoine, 09/11/2023 02:44 PM

Subtasks 1 (0 open1 closed)

Security #6363: mime: quadratic complexity in MimeDecAddEntity (6.0.x backport)ClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Philippe Antoine 8 months ago

  • Status changed from New to In Review
  • Assignee changed from OISF Dev to Philippe Antoine

Gitlab MR

Actions
Copy link
 #2

Updated by OISF Ticketbot 8 months ago

  • Subtask #6363 added
Actions
Copy link
 #3

Updated by OISF Ticketbot 8 months ago

  • Label deleted (Needs backport to 6.0)
Actions
Copy link
 #4

Updated by Victor Julien 8 months ago

  • Severity changed from MODERATE to CRITICAL
Actions
Copy link
 #5

Updated by Philippe Antoine 8 months ago

I wonder if there is the same issue with AddDataValue

Actions
Copy link
 #6

Updated by Philippe Antoine 8 months ago

Philippe Antoine wrote in #note-5:

I wonder if there is the same issue with AddDataValue

No, because it is bound by mdcfg->header_value_depth

Actions
Copy link
 #7

Updated by Shivani Bhardwaj 7 months ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #9

Updated by Victor Julien 6 months ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF