-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: core-sv-033 to core-sv-037 (#22)
* docs: core-sv-033 * docs: core-sv-034 * docs: core-sv-035 * docs: core-sv-036 * docs: core-sv-037 * docs: core-sv-033 to core-sv-037
- Loading branch information
Showing
6 changed files
with
90 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # JSON payloads with too many key-value pairs were too CPU intensive to parse | ||
|
|
||
| **Identifier:** Core-SV-033 | ||
|
|
||
| ## Cause: | ||
| There was a Denial of Service security vulnerability inside the P2P layer which could be triggered by sending valid JSON strings to valid endpoints, but where the JSON string contained too many key-value pairs. This was too time consuming to parse, so a node was unable to process other business, leading to missed blocks and an inability to forge. | ||
|
|
||
| >Reported by: [alessio](https://github.com/alessiodf) | ||
| ## Solution | ||
|
|
||
| **Patch:** https://github.com/ArkEcosystem/core/pull/3404 | ||
|
|
||
| ## Status | ||
| Closed. | ||
|
|
||
| **Release:** https://github.com/ArkEcosystem/core/releases/tag/2.5.36 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # Unhandled unemitted events could trigger high CPU spikes and propagation delays | ||
|
|
||
| **Identifier:** Core-SV-034 | ||
|
|
||
| ## Cause: | ||
| Core only incremented the rate limiter when the SocketCluster emit event was fired, but there were some circumstances where specially crafted payloads would not trigger this event. This meant that anyone could flood a node with such messages which did not increment the rate limiter. | ||
|
|
||
| >Reported by: [alessio](https://github.com/alessiodf) | ||
| ## Solution | ||
|
|
||
| **Patch:** https://github.com/ArkEcosystem/core/pull/3404 | ||
|
|
||
| ## Status | ||
| Closed. | ||
|
|
||
| **Release:** https://github.com/ArkEcosystem/core/releases/tag/2.5.36 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # Broadcasting invalid WebSocket opcodes caused significant network degradation and missed blocks | ||
|
|
||
| **Identifier:** Core-SV-035 | ||
|
|
||
| ## Cause: | ||
| Sending malformed WebSocket packets with reserved or unimplemented opcodes would trigger the socket's onerror event handler, but Core did not listen for this event and the connection was not blocked. The process of repeatedly throwing the error was sufficiently computationally expensive that it was possible to take down a node and stop it forging by sending a constant stream of malformed packets. | ||
|
|
||
| >Reported by: [alessio](https://github.com/alessiodf) | ||
| ## Solution | ||
|
|
||
| **Patch:** https://github.com/ArkEcosystem/core/pull/3404 | ||
|
|
||
| ## Status | ||
| Closed. | ||
|
|
||
| **Release:** https://github.com/ArkEcosystem/core/releases/tag/2.5.36 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # Opening thousands of sockets caused high CPU/memory usage and full server crashes | ||
|
|
||
| **Identifier:** Core-SV-036 | ||
|
|
||
| ## Cause: | ||
| It was possible for an attacker to open thousands of connections to a node because there was no filtering to prevent multiple connections per originating IP address. Each active connection used a file descriptor in the operating system, and the number of available file descriptors is limited. An attacker could open enough simultaneous connections to use all the available open file descriptors on a node, which would crash it completely, since the operating system was no longer able to open any files. | ||
|
|
||
| >Reported by: [alessio](https://github.com/alessiodf) | ||
| ## Solution | ||
|
|
||
| **Patch:** https://github.com/ArkEcosystem/core/pull/3404 | ||
|
|
||
| ## Status | ||
| Closed. | ||
|
|
||
| **Release:** https://github.com/ArkEcosystem/core/releases/tag/2.5.36 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # A malicious block containing thousands of transactions could take down a node | ||
|
|
||
| **Identifier:** Core-SV-037 | ||
|
|
||
| ## Cause: | ||
| A malicious user could keep sending bad blocks containing thousands of transactions inside them. As all the transactions inside the blocks were verified and validated, this maxed out the CPU usage and prevented nodes from operating correctly. It did not matter that the block itself failed verification or had a fake generator, as all transactions inside the block were still verified and validated. Since there were many thousands of transactions stuffed into the block, this CPU intensive process took too long to complete and the rate limiter did not prevent the attack since the rate limit was reset long before the process finally finished, so an attacker could continue indefinitely to keep a node offline. | ||
|
|
||
| >Reported by: [alessio](https://github.com/alessiodf) | ||
| ## Solution | ||
|
|
||
| **Patch:** https://github.com/ArkEcosystem/core/pull/3404 | ||
|
|
||
| ## Status | ||
| Closed. | ||
|
|
||
| **Release:** https://github.com/ArkEcosystem/core/releases/tag/2.5.36 |