Actions
Security #6306
closedmime: quadratic complexity in MimeDecAddEntity
Affected Versions:
Label:
CVE:
Git IDs:
Severity:
CRITICAL
Disclosure Date:
Description
Found by quadfuzz
500 kilobytes pcap takes 40 seconds to process, just spending time adding to a linked list
The fuzz input to fuzz_mimedecparseline is
content-Type:;boundary=; -- -- --
With the lines repeating many times
Solution to add to a linked list should be to keep the tail known
Files
Updated by Philippe Antoine over 1 year ago
- Status changed from New to In Review
- Assignee changed from OISF Dev to Philippe Antoine
Gitlab MR
Updated by Victor Julien over 1 year ago
- Severity changed from MODERATE to CRITICAL
Updated by Philippe Antoine about 1 year ago
I wonder if there is the same issue with AddDataValue
Updated by Philippe Antoine about 1 year ago
Philippe Antoine wrote in #note-5:
I wonder if there is the same issue with
AddDataValue
No, because it is bound by mdcfg->header_value_depth
Updated by Shivani Bhardwaj about 1 year ago
- Status changed from In Review to Resolved
Updated by Victor Julien about 1 year ago
- Status changed from Resolved to Closed
Actions