Title | thingsboard v3.7.0 Denial of Service |
---|
Description | Summary: RPC Server on Compromised Device Returns Large Data, Causing DoS on Thingsboard.
Detailed Steps to Reproduce the Vulnerability:
1. Setup: Ensure you have a device that can start an RPC server and that the Thingsboard platform is properly set up to communicate with this device.
2. Start RPC Server: Use the HTTP RPC API reference to start an RPC server on the device.
3. Send Request: Through the Thingsboard platform, send a request to this RPC server.
4. Malicious Response: Configure the device to return a maliciously large amount of data in response to the RPC request. Our data is created by Python: `error_message = "Unknown " * 5000000 + "method"; response = {"error": error_message}`
5. Observe Effects: Notice that the Thingsboard platform tries to handle this large response, leading to Out Of Memory (OOM) errors, and eventually causing the platform to crash. |
---|
Source | https://1drv.ms/v/s!AksJ421iyCG-mytAcEUF6WqOTwj2?e=6WAp5G |
---|
User | lujiefsi (ID 72362) |
---|
Submission | 07/24/2024 05:30 AM (2 months ago) |
---|
Moderation | 09/30/2024 07:49 PM (2 months later) |
---|
Status | Accepted |
---|
VulDB Entry | 278887 |
---|
Points | 20 |
---|
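The description above reports an unbounded device RPC reply being buffered and decoded whole. As an added illustration, not ThingsBoard's code and not part of the submission, the Python below shows the defensive pattern that closes this class of bug on the platform side: enforce a byte limit while the reply is being received, decode only afterwards, and truncate the error text before it is logged or displayed. The limit values, function names and the chunked input are assumptions; the test payload is constructed to match the report's `"Unknown " * N + "method"` shape at a smaller N.

```python
import json

MAX_RPC_RESPONSE_BYTES = 64 * 1024   # assumed cap; tune per deployment
MAX_ERROR_TEXT = 256                 # how much of a device error string is kept


class RpcResponseTooLarge(ValueError):
    """Raised instead of buffering an oversized device reply."""


def receive_bounded(chunks, limit=MAX_RPC_RESPONSE_BYTES):
    """Accumulate reply chunks (e.g. reads from a socket) but stop as soon as
    the total would exceed `limit`, so memory use is bounded by the platform's
    setting rather than by whatever the device chooses to send."""
    buf = bytearray()
    for chunk in chunks:
        if len(buf) + len(chunk) > limit:
            raise RpcResponseTooLarge(f"RPC reply exceeds {limit} bytes")
        buf.extend(chunk)
    return bytes(buf)


def parse_rpc_reply(chunks, limit=MAX_RPC_RESPONSE_BYTES):
    """Size-check first, JSON-decode second, then truncate the error text
    so a long string cannot be replayed into logs or the UI either."""
    body = json.loads(receive_bounded(chunks, limit))
    if isinstance(body, dict) and isinstance(body.get("error"), str):
        body["error"] = body["error"][:MAX_ERROR_TEXT]
    return body


def constructed_reply(repeat, chunk_size=4096):
    """Constructed test input shaped like the report's payload
    ({"error": "Unknown " * N + "method"}), split into chunks."""
    raw = json.dumps({"error": "Unknown " * repeat + "method"}).encode()
    return [raw[i:i + chunk_size] for i in range(0, len(raw), chunk_size)]


def reply_is_accepted(repeat):
    """True if a reply with `repeat` repetitions passes the size check."""
    try:
        parse_rpc_reply(constructed_reply(repeat))
        return True
    except RpcResponseTooLarge:
        return False


if __name__ == "__main__":
    print(reply_is_accepted(1), reply_is_accepted(50000))  # True False
```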