[Go]: Query To Detect Denial Of Service Vulnerability #809
Comments
Hello @Malayke 👋 could you provide a CodeQL database with the vulnerable version of the codebase, which contains the CVE?
Hi @sylwia-budzynska , this is the CodeQL database link of https://github.com/distribution/distribution vulnerable version
Your submission is now in status Query review. For information, the evaluation workflow is the following:
Your submission is now in status Final decision. For information, the evaluation workflow is the following:
Your submission is now in status Pay. For information, the evaluation workflow is the following:
Hi @Malayke can you please provide a public email address, or send one to me privately?
Hi @xcorail I've already sent an email to your GitHub email address.
Created Hackerone report 2407167 for bounty 557823 : [809] [Go]: Query To Detect Denial Of Service Vulnerability
Your submission is now in status Closed. For information, the evaluation workflow is the following:
Query PR
github/codeql#15130
Language
GoLang
CVE(s) ID list
CWE
CWE-770
Report
The vulnerability in Go occurs when the built-in `make` function is used to create a slice whose size comes from a user-controlled source and that size is a maliciously large value, one that exceeds the threshold the program actually needs. This triggers excessive memory allocation, which can lead to a denial of service: by providing inputs that go beyond the expected memory and capacity constraints, attackers can overwhelm the system and render it unresponsive.

The query searches for code patterns where the `make` function is used to create slices from user-controlled sources. It then checks whether the provided size can exceed a specific threshold, indicating a potential vulnerability.

To minimize false positives, the query verifies whether a size comparison has been applied to the second parameter passed to `make`; calls whose size has been checked against a bound are excluded. This helps differentiate between legitimate instances and potentially vulnerable ones.

To reproduce the vulnerability, follow these steps:
```shell
git clone https://github.com/distribution/distribution
cd distribution
# check out the vulnerable tag itself; `checkout -b` would only create a new
# branch with that name from the current HEAD
git checkout v2.8.2-beta.1
```
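As an added illustration (not code from this submission, the query PR, or the distribution project), the following Go program places the unbounded pattern the query flags next to the bounded form that its size-comparison criterion recognises. The request parameter name, the cap `maxPageSize`, and the helper names are assumptions chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// maxPageSize is an assumed cap on how many entries a caller may request.
const maxPageSize = 100

// ErrBadSize is returned when a requested size is negative or above the cap.
var ErrBadSize = errors.New("requested size is out of range")

// unboundedAlloc is the pattern the query reports: the slice length is taken
// straight from a request parameter and handed to make with no size
// comparison, so a very large value drives an equally large allocation
// (and a negative one panics inside make).
func unboundedAlloc(nParam string) ([]string, error) {
	n, err := strconv.Atoi(nParam)
	if err != nil {
		return nil, err
	}
	return make([]string, n), nil
}

// parsePageSize performs the check the query looks for: the parsed value is
// compared against a fixed bound (and against zero) before it reaches make.
func parsePageSize(nParam string) (int, error) {
	if nParam == "" {
		return maxPageSize, nil // assumed default when the parameter is absent
	}
	n, err := strconv.Atoi(nParam) // also fails on values that overflow int
	if err != nil {
		return 0, err
	}
	if n < 0 || n > maxPageSize {
		return 0, ErrBadSize
	}
	return n, nil
}

// boundedAlloc allocates only after parsePageSize has bounded the size, so the
// allocation can never exceed maxPageSize entries whatever the caller sends.
func boundedAlloc(nParam string) ([]string, error) {
	n, err := parsePageSize(nParam)
	if err != nil {
		return nil, err
	}
	return make([]string, 0, n), nil
}

func main() {
	// Constructed sample inputs: a normal value, an absent parameter, an
	// oversized value, a negative value, and a non-numeric value.
	for _, raw := range []string{"10", "", "1000000000", "-1", "abc"} {
		s, err := boundedAlloc(raw)
		fmt.Printf("n=%q -> cap=%d err=%v\n", raw, cap(s), err)
	}
	// The unbounded form behaves identically for small, well-formed input,
	// which is why a plain functional test does not reveal the difference.
	s, _ := unboundedAlloc("10")
	fmt.Printf("unbounded n=10 -> len=%d\n", len(s))
}
```

The only behavioural difference between the two forms is the comparison in `parsePageSize`; that comparison on the value flowing into the second argument of `make` is exactly what distinguishes a result the query excludes from one it reports.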
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response