Denial of Service vulnerability on servers with 4GB of ram or less #6716

Jnewbon · 2020-07-10T12:28:32Z

Problem: A denial of service vulnerability was discovered for synergys from an unauthenticated source that could crash the process if there was less the 4gb of ram available
GHSA-chfm-333q-gfpp

Solution: Catch the bad_alloc before it can escape into the server and cause the process to exit.

…pdated debug message

Signed-off-by: Jamie Newbon <jamie@symless.com>

Jnewbon added bug triage labels Jul 10, 2020

Jnewbon added a commit that referenced this issue Jul 14, 2020

#6716 Added try catch around memory allocation

59e63f5

Jnewbon added a commit that referenced this issue Jul 14, 2020

#6716 Changed throw to pass exception to caller and handle it there u…

bdd36c3

…pdated debug message

Jnewbon changed the title ~~Placeholder Issue~~ Denial of Service vulnerability on servers with 4GB of ram or less Jul 14, 2020

Jnewbon added a commit that referenced this issue Jul 14, 2020

#6716 Updated changelog

285dfda

Signed-off-by: Jamie Newbon <jamie@symless.com>

Jnewbon added this to the Sprint 2020-07-13 Jedi milestone Jul 14, 2020

Jnewbon closed this as completed Jul 14, 2020

Jnewbon mentioned this issue Aug 25, 2020

Release 1.12.0-stable #6752

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Denial of Service vulnerability on servers with 4GB of ram or less #6716

Denial of Service vulnerability on servers with 4GB of ram or less #6716

Jnewbon commented Jul 10, 2020 •

edited

Denial of Service vulnerability on servers with 4GB of ram or less #6716

Denial of Service vulnerability on servers with 4GB of ram or less #6716

Comments

Jnewbon commented Jul 10, 2020 • edited

Jnewbon commented Jul 10, 2020 •

edited