CVE-2022-36078 in Binary
Summary
by MITRE • 09/02/2022
Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice.
Analysis
by VulDB Data Team • 10/11/2022
The vulnerability identified as CVE-2022-36078 resides within the github.com/gagliardetto/binary library, a widely used Go package for binary data encoding and decoding operations. This library implements Borsh and other binary formats, making it particularly critical in blockchain applications where untrusted data from the network must be parsed and processed. The flaw manifests as a memory allocation vulnerability that directly impacts the library's ability to safely handle slice data structures during deserialization processes. When developers utilize the dec.Decode(&val) method to parse data into structures containing slices, the library reads slice lengths directly from the input data without performing any validation checks on the size parameters.
The vulnerability stems from the library's failure to enforce bounds checking on slice length values extracted from untrusted input. During decoding, when the library encounters a slice type within the target structure, it reads the length value directly from the binary data stream and immediately allocates memory for a slice of that length. This gives an attacker a path to supply input containing an excessively large length value that results in a massive memory allocation. The vulnerability is a classic case of insufficient input validation and is categorized under CWE-129, which addresses insufficient size checks, and CWE-704, which covers incorrect type conversion or casting. The memory allocation overflow can manifest in two primary ways: exhausting available system memory through allocation of a massive slice, or crashing the program when the allocation fails and the process is terminated.
The operational impact of CVE-2022-36078 extends significantly within blockchain ecosystems and distributed systems that rely on the affected library. Applications using this library to process data from public blockchains, such as Solana or other blockchain networks, become vulnerable to denial of service attacks where malicious actors can submit crafted transactions or data payloads designed to trigger the memory allocation vulnerability. This makes the vulnerability particularly dangerous in consensus mechanisms or validator nodes where memory exhaustion could disrupt network operations or compromise node availability. The attack surface is broad as any system processing untrusted binary data through the affected library is at risk, including but not limited to blockchain nodes, smart contract interpreters, and data processing services that deserialize external inputs. The vulnerability can be exploited through the ATT&CK technique T1499.004, which involves resource consumption attacks, where an attacker systematically consumes system resources to render services unavailable.
Mitigation requires prompt attention from developers and system administrators. The primary recommended solution is upgrading to version v0.7.1 or higher of the github.com/gagliardetto/binary library, which includes bounds checking and validation for slice length parameters. Organizations should maintain comprehensive dependency management practices so that all affected systems are updated promptly. Where an immediate upgrade is not feasible, developers can work around the issue by avoiding the dec.Decode(&val) method and instead implementing custom UnmarshalWithDecoder() methods that validate the length explicitly before any memory is allocated. This defensive programming approach follows the principles of input validation and least privilege, constraining slice sizes to reasonable limits derived from the expected data structure. The workaround addresses the root cause by performing the checks the library should have performed internally, closing the exploitation vector while preserving functional compatibility with existing code.
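The workaround described in both the Summary and the Analysis, as an added example that is not code from the advisory or from the gagliardetto/binary project: a minimal Borsh-style decoder (a stand-in type, not the library's own) and a value type whose UnmarshalWithDecoder reads the u32 length prefix, checks it against the bytes actually remaining and an assumed application cap (MaxAmounts) before calling make(). The names Decoder, Balances and MaxAmounts are assumptions for this illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Decoder is a minimal Borsh-style reader constructed for this example; it
// stands in for the library's decoder and is not the gagliardetto/binary type.
type Decoder struct {
	data []byte
	pos  int
}

func NewDecoder(data []byte) *Decoder { return &Decoder{data: data} }
func (d *Decoder) Remaining() int    { return len(d.data) - d.pos }

// ReadUint32 reads the little-endian u32 that Borsh uses as a slice length prefix.
func (d *Decoder) ReadUint32() (uint32, error) {
	if d.Remaining() < 4 {
		return 0, errors.New("short read: u32 length prefix needs 4 bytes")
	}
	v := binary.LittleEndian.Uint32(d.data[d.pos:])
	d.pos += 4
	return v, nil
}

// Balances contains a slice; MaxAmounts is an assumed application-level cap.
type Balances struct{ Amounts []uint64 }
const MaxAmounts = 1 << 16

// UnmarshalWithDecoder follows the advisory's workaround: read the length,
// check it against the bytes actually present and a hard cap, then make().
func (b *Balances) UnmarshalWithDecoder(dec *Decoder) error {
	n, err := dec.ReadUint32()
	if err != nil {
		return err
	}
	// Pre-v0.7.1 Decode did make([]T, n) here with n straight from the input.
	if uint64(n) > MaxAmounts || uint64(n)*8 > uint64(dec.Remaining()) {
		return fmt.Errorf("declared %d elements but only %d bytes remain (cap %d)", n, dec.Remaining(), MaxAmounts)
	}
	b.Amounts = make([]uint64, n) // bounded: n*8 <= remaining bytes
	for i := range b.Amounts {
		b.Amounts[i] = binary.LittleEndian.Uint64(dec.data[dec.pos:])
		dec.pos += 8
	}
	return nil
}
```

A payload whose length prefix claims more elements than the remaining bytes can hold is rejected before any allocation, which is the check the unpatched Decode path lacked.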