| عنوان | No limit in length of "Name" parameter results in DOS attack /memory corruption in wallabag/wallabag |
|---|
| الوصف | VENDOR-GITHUBLINK : https://github.com/wallabag/wallabag
Vulnerability Type: CWE-770(Allocation of Resources Without Limits or Throttling)
AFFECTED-VERSION : 2.5.4
## Steps To Reproduce
```
1. Navigate to this URL https://app.wallabag.it/login and login with your Credential
2. After logged-in move to your Profile-Config section or to this URL: https://app.wallabag.it/config
3. Navigate to "USER INFORMATION" You will see a field called "Name"
3. Here you will see that there is no limit for the “Name” parameter that allows a user to set a very long string as long as 1 million characters.
4. This may possibly result in a memory corruption/DOS attack.
```
Mitigation
There must be a fixed length for the “Name” parameter upto 128 characters
Impact
Allows an attacker to set a " Name “ with long string leading to memory corruption/possible DOS Attack
## PROOF-OF-CONCEPT
- GITHUB-LINK : https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md |
|---|
| المصدر | ⚠️ https://github.com/wallabag/wallabag |
|---|
| المستخدم | Affan (UID 39417) |
|---|
| ارسال | 30/06/2023 08:48 PM (3 سنوات منذ) |
|---|
| الاعتدال | 08/07/2023 03:27 PM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 233359 [wallabag 2.5.4 Profile Config /config الأسم الحرمان من الخدمة] |
|---|
| النقاط | 20 |
|---|