CPU usage amplification attack, similar to previous vulnerability 2015-03-02-2.
David Renshaw <firstname.lastname@example.org>
- Remotely cause a peer to execute a tight
forloop counting from 0 to 2^29, possibly repeatedly, by sending it a small message. This could enable a DoS attack by consuming CPU resources.
- git commit 80149744bdafa3ad4eedc83f8ab675e27baee868
- release 0.5.1.2:
- release 0.4.1.1:
- release 0.6 (future)
Advisory 2015-03-02-2 described a bug allowing a remote attacker to consume excessive CPU time or other resources using a specially-crafted message. The present advisory is simply another case of the same bug which was initially missed.
The new case occurs only if the application invokes the
on an object reader.
The new case is somewhat less severe, in that it only spins in a tight
loop that doesn't call any application code. Only CPU time is possibly
consumed, not RAM or other resources. However, it is still possible to create
significant delays for the receiver with a specially-crafted message.
Our fuzz test actually covered this case, but we didn't notice the problem because the loop actually completes in less than a second. We've added a new test case which is more demanding, and will make sure that when we do extended testing with American Fuzzy Lop, we treat unexpectedly long run times as failures.