Submit #379486: thingsboard v3.7.0 Denial of Service

Title: thingsboard v3.7.0 Denial of Service
Description:
Summary: RPC Server on Compromised Device Returns Large Data, Causing DoS on Thingsboard.
Detailed Steps to Reproduce the Vulnerability:
1. Setup: Ensure you have a device that can start an RPC server and that the Thingsboard platform is properly set up to communicate with this device.
2. Start RPC Server: Use the HTTP RPC API reference to start an RPC server on the device.
3. Send Request: Through the Thingsboard platform, send a request to this RPC server.
4. Malicious Response: Configure the device to return a maliciously large amount of data in response to the RPC request. Our data is created by Python: error_message = "Unknown " * 5000000 + "method"; response = {"error": error_message};
5. Observe Effects: Notice that the Thingsboard platform tries to handle this large response, leading to Out Of Memory (OOM) errors, and eventually causing the platform to crash.
Source: https://1drv.ms/v/s!AksJ421iyCG-mytAcEUF6WqOTwj2?e=6WAp5G
User: lujiefsi (ID 72362)
Submission: 07/24/2024 05:30 AM (2 months ago)
Moderation: 09/30/2024 07:49 PM (2 months later)
Status: Accepted
VulDB Entry: 278887
Points: 20
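The failure mode in the submission above is a server that buffers a peer-supplied reply of unbounded size before parsing it. The following is an added illustration of the defensive counterpart, not code from the submission or from the ThingsBoard project: a reader that enforces a hard byte limit (the cap MAX_RPC_RESPONSE_BYTES and the function names are assumptions chosen for this example) and rejects the reply before it can exhaust memory. The oversized sample is constructed with the same shape as the reported payload, scaled down so the demo runs instantly.

```python
import io
import json

# Hypothetical cap (assumption for this example): a device RPC reply
# should never legitimately need more than this many bytes.
MAX_RPC_RESPONSE_BYTES = 64 * 1024


class ResponseTooLarge(ValueError):
    """Raised when a device reply exceeds the configured byte limit."""


def read_bounded(stream, max_bytes=MAX_RPC_RESPONSE_BYTES, chunk_size=16 * 1024):
    """Read a binary stream in chunks and stop as soon as the limit is crossed.

    Peak memory is bounded by max_bytes + chunk_size no matter how much
    the peer sends, which is the property the unbounded read lacks.
    """
    buf = bytearray()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return bytes(buf)
        if len(buf) + len(chunk) > max_bytes:
            raise ResponseTooLarge(f"RPC reply exceeds {max_bytes} bytes")
        buf.extend(chunk)


def parse_rpc_reply(raw):
    """Decode the bounded body; only a JSON object is an acceptable reply."""
    obj = json.loads(raw)
    if not isinstance(obj, dict):
        raise ValueError("RPC reply must be a JSON object")
    return obj


def handle_rpc_reply(stream, declared_length=None, max_bytes=MAX_RPC_RESPONSE_BYTES):
    """Return a result record rather than raising, so a caller can log and move on.

    declared_length models a Content-Length header: an honest oversized
    declaration is rejected before a single body byte is read, while a
    missing or lying header is caught by the bounded read itself.
    """
    if declared_length is not None and declared_length > max_bytes:
        return {"status": "rejected", "reason": "content-length over limit",
                "bytes": declared_length}
    try:
        raw = read_bounded(stream, max_bytes)
    except ResponseTooLarge:
        return {"status": "rejected", "reason": "body over limit", "bytes": max_bytes}
    try:
        return {"status": "ok", "reply": parse_rpc_reply(raw), "bytes": len(raw)}
    except ValueError as exc:
        return {"status": "rejected", "reason": f"bad json: {exc}", "bytes": len(raw)}


# Constructed sample replies (not captured traffic).
NORMAL_REPLY = json.dumps({"error": "Unknown method"}).encode()
# Same shape as the reported payload, shrunk from 5,000,000 to 100,000 repeats.
OVERSIZED_REPLY = json.dumps({"error": "Unknown " * 100_000 + "method"}).encode()


def demo():
    """Run both samples through the bounded handler and return the outcomes."""
    return [handle_rpc_reply(io.BytesIO(raw)) for raw in (NORMAL_REPLY, OVERSIZED_REPLY)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The limit is deliberately applied twice: on the declared length, which is cheap but untrusted, and on the bytes actually read, which is what protects the heap. A rejected reply should be logged with the device identity and the byte count so a device that repeatedly sends oversized data can be spotted and quarantined.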
