Summary
An unsafe reading of environment file could potentially cause a denial of service in Netty.
When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash.
Details
A similar issue was previously reported in GHSA-xq3w-v528-46rv
This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit.
PoC
The PoC is the same as for GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00.
When the null-bytes are encountered by the InputStreamReader, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the BufferedReader.readLine(), because the replacement character is not a line-break character.
Impact
Impact is the same as GHSA-xq3w-v528-46rv
References
chrisvest Reporter
Summary
An unsafe reading of environment file could potentially cause a denial of service in Netty.
When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash.
Details
A similar issue was previously reported in GHSA-xq3w-v528-46rv
This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit.
PoC
The PoC is the same as for GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00.
When the null-bytes are encountered by the
InputStreamReader, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in theBufferedReader.readLine(), because the replacement character is not a line-break character.Impact
Impact is the same as GHSA-xq3w-v528-46rv
References