[AXIS2C-1661] vulnerability : buffer overflow in axis2/c http client - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.6.0, 1.7.0
Fix Version/s: 1.7.0
Component/s: core/transport
Labels:
- overflow
- patch
- security
Environment:
Any, axis2/c built with native http sender (no libcurl)

Description

With axis2/c used as a client using http transport, if a malicious server begins its reply with more than 512 bytes without CRLF (ie. in place of the response status), this causes a stack overflow in the client. Remote code execution is certainly possible.

Please find a fix for this vulnerability here :

https://github.com/gillesgagniard/wso2-wsf-cpp-gg/commit/976f9c60ccade30ae3fe1a2bddbaeb1fdc9e000a

Attachments

Issue Links

is related to

AXIS2C-1511 infinite loop when consuming a .NET ws with long header string (more than 512 chars in a row).

Closed

AXIS2C-1415 Buffer overrun in axis2_http_client_recieve_header when receiving a HTTP header field larger than 512 bytes in length.

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Gilles Gagniard

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Jan/14 10:48

Updated:: 07/Apr/20 17:44

Resolved:: 04/Dec/18 02:55

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified