| タイトル | No limit in length of "Name" parameter results in DOS attack /memory corruption in wallabag/wallabag |
|---|
| 説明 | VENDOR-GITHUBLINK : https://github.com/wallabag/wallabag
Vulnerability Type: CWE-770(Allocation of Resources Without Limits or Throttling)
AFFECTED-VERSION : 2.5.4
## Steps To Reproduce
```
1. Navigate to this URL https://app.wallabag.it/login and login with your Credential
2. After logged-in move to your Profile-Config section or to this URL: https://app.wallabag.it/config
3. Navigate to "USER INFORMATION" You will see a field called "Name"
3. Here you will see that there is no limit for the “Name” parameter that allows a user to set a very long string as long as 1 million characters.
4. This may possibly result in a memory corruption/DOS attack.
```
Mitigation
There must be a fixed length for the “Name” parameter upto 128 characters
Impact
Allows an attacker to set a " Name “ with long string leading to memory corruption/possible DOS Attack
## PROOF-OF-CONCEPT
- GITHUB-LINK : https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md |
|---|
| ソース | ⚠️ https://github.com/wallabag/wallabag |
|---|
| ユーザー | Affan (UID 39417) |
|---|
| 送信 | 2023年06月30日 20:48 (3 年 ago) |
|---|
| モデレーション | 2023年07月08日 15:27 (8 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 233359 [wallabag 2.5.4 Profile Config /config 名前 サービス拒否] |
|---|
| ポイント | 20 |
|---|