Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14NGhoLXZqbTctZzJqds4AA1-x
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
Summary
Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days.
Details
The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash.
PoC
To reproduce this vulnerability, please follow these steps:
Start the Faktory Docker and limit memory usage to 512 megabytes for better demonstration:
$ docker run --rm -it -m 512m \
-p 127.0.0.1:7419:7419 \
-p 127.0.0.1:7420:7420 \
contribsys/faktory:latest
Send the following request. The Faktory server will exit after a few seconds due to out of memory:
$ curl 'http://localhost:7420/?days=922337'
Impact
Server Availability: The vulnerability can crash the Faktory server, affecting its availability.
Denial of Service Risk: Given that the Faktory web dashboard does not require authorization, any entity with internet access to the dashboard could potentially exploit this vulnerability. This unchecked access opens up the potential for a Denial of Service (DoS) attack, which could disrupt service availability without any conditional barriers to the attacker.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14NGhoLXZqbTctZzJqds4AA1-x
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 7 months ago
Updated: 6 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-x4hh-vjm7-g2jv, CVE-2023-37279
References:
- https://github.com/contribsys/faktory/security/advisories/GHSA-x4hh-vjm7-g2jv
- https://nvd.nist.gov/vuln/detail/CVE-2023-37279
- https://github.com/advisories/GHSA-x4hh-vjm7-g2jv
Blast Radius: 9.9
Affected Packages
go:github.com/contribsys/faktory
Dependent packages: 33Dependent repositories: 21
Downloads:
Affected Version Ranges: < 1.8.0
Fixed in: 1.8.0
All affected versions: 0.5.0, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6.0, 1.6.1, 1.6.2, 1.7.0
All unaffected versions: 1.8.0