Endless loop in parse_packet() while statement (CPU drain/DoS) #2174
rpv-tomsk added a commit to rpv-tomsk/collectd that referenced this issue Apr 3, 2017
When correct 'Signature part' is received by Collectd, configured without AuthFile option, condition for endless loop occurs due to missing increase of pointer to next unprocessed part. Closes: collectd#2174
This issue has CVE-2017-7401 assigned.
rpv-tomsk added a commit to rpv-tomsk/collectd that referenced this issue Apr 3, 2017
When correct 'Signature part' is received by Collectd, configured without AuthFile option, condition for endless loop occurs due to missing increase of pointer to next unprocessed part. Fixes: CVE-2017-7401 Closes: collectd#2174
Thank you very much for reporting this, @marcinguy! I've merged Pavel's patch, hopefully fixing the issue. Please send me an email (→ contact) so I can send you a collectd t-shirt! Best regards,
rpv-tomsk added a commit to rpv-tomsk/collectd that referenced this issue Sep 21, 2017
When correct 'Signature part' is received by Collectd, configured without AuthFile option, condition for endless loop occurs due to missing increase of pointer to next unprocessed part. Fixes: CVE-2017-7401 Closes: collectd#2174

Linux laptop 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Expected behavior
Working as usual
Actual behavior
After sending this payload, collectd seems to enter an endless while() loop in packet_parse, consuming high CPU resources, and possibly crashes/gets killed after a while.
Tasks: 290 total, 2 running, 288 sleeping, 0 stopped, 0 zombie
%Cpu(s): 19,7 us, 32,8 sy, 0,0 ni, 47,1 id, 0,3 wa, 0,0 hi, 0,2 si, 0,0 st
KiB Mem : 7604408 total, 267056 free, 2153052 used, 5184300 buff/cache
KiB Swap: 7806972 total, 7528876 free, 278096 used. 4498796 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
605 collectd 20 0 852496 5088 2700 S 62,5 0,1 0:57.17 collectd
Steps to reproduce
Below is a packet, python program that crafts the packet that causes this problem.
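A minimal model of the loop condition described in the commit messages above ("missing increase of pointer to next unprocessed part"), added here as an illustration; it is not collectd's source or the merged patch. The function name, flags, type codes and sample bytes are constructed for this model, and the step watchdog exists only so the buggy variant terminates when run.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { PART_VALUE = 1, PART_SIGNATURE = 2 }; /* constructed type codes */
#define HDR_LEN 4      /* 2-byte type + 2-byte length, big-endian */
#define MAX_STEPS 1000 /* watchdog so the buggy variant terminates here */

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Returns the number of parts consumed, or -1 if the loop stopped making
 * progress or a part length is invalid. skip_unverified=0 models the
 * missing pointer increase; skip_unverified=1 models the corrected loop. */
int parse_parts(const uint8_t *buf, size_t len, int have_auth,
                int skip_unverified) {
  int parts = 0;
  for (int steps = 0; len >= HDR_LEN; steps++) {
    if (steps >= MAX_STEPS)
      return -1; /* no forward progress: the endless-loop condition */
    unsigned type = rd16(buf);
    size_t part_len = rd16(buf + 2);
    if (part_len < HDR_LEN || part_len > len)
      return -1; /* length cannot advance the cursor or overruns the buffer */
    if (type == PART_SIGNATURE && !have_auth) {
      if (!skip_unverified)
        continue; /* BUG: buf/len unchanged, the same part is parsed again */
      /* fixed: fall through so the unverifiable part is skipped */
    }
    buf += part_len; /* every handled part must move the cursor forward */
    len -= part_len;
    parts++;
  }
  return parts;
}

/* Constructed sample: one signature part (8 bytes), then one value part. */
static const uint8_t sample[] = {0, 2, 0, 8, 0xAA, 0xBB, 0xCC, 0xDD,
                                 0, 1, 0, 6, 0x12, 0x34};

int main(void) {
  printf("no auth, buggy: %d\n", parse_parts(sample, sizeof sample, 0, 0));
  printf("no auth, fixed: %d\n", parse_parts(sample, sizeof sample, 0, 1));
  printf("auth configured: %d\n", parse_parts(sample, sizeof sample, 1, 0));
  return 0;
}
```

The same invariant is useful as a review check for any type-length-value parser: each branch of the loop either advances the cursor by the part length or returns.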