[EXT-SEC-AUDIT] Excessive size limit of Ekiden runtime messages can result in fatal out-of-memory errors #2213
Labels
c:runtime/compute
Category: runtime compute worker
c:runtime
Category: runtime
c:security
Category: security issues
Issue transferred from an external security audit report.
CBOR unmarshalling routines in both Go and Rust set an excessive message size limit of 100 MB. This makes it feasible for an attacker to craft a message which, once accepted and unmarshalled by either routine, consumes a large amount of memory and crashes a node.
https://github.com/oasislabs/oasis-core/blob/7a5ddc8fae312b6d8400fa9ba062604c1112c6a4/go/common/cbor/codec.go#L9-L10
The text was updated successfully, but these errors were encountered: