OpAMP Client, Unbounded Buffer Read, CVE-2024-42368 (Medium)

How the CVE works:

The vulnerability exists in the OpAMP client’s HTTP transport component, introduced via pull request 2926. When the client receives a response from an OpAMP server over HTTP, it calls `ReadAsByteArrayAsync` to copy the entirety of `HttpResponseMessage.Content` into a byte array, with no upper bound on the number of bytes read. An attacker who controls the OpAMP server (or can perform a Man-in-the-Middle attack) can return an HTTP response with an extremely large body; the client then tries to allocate a buffer large enough to hold the whole response, so memory consumption is unbounded. Because there is neither a size limit nor a streaming fallback, a single malicious response can exhaust all available memory in the consuming application. The client keeps reading until the entire response is buffered, which may take seconds or minutes depending on the data rate, while memory usage grows linearly with the response size. This is a classic DoS via uncontrolled resource allocation. The issue was fixed in pull request 4116 by limiting the maximum response size to 128 KB.

DailyCVE Form:

Platform: OpAMP client
Version: before fix
Vulnerability: Unbounded buffer
Severity: Medium
Date: 2024-08-15

Prediction: 2024-08-22

What Undercode Says:

Analytics:

```bash
#!/bin/bash
# Lab harness: simulate a malicious OpAMP server that answers every connection
# with an oversized body. The headers and the body are written to the same pipe;
# a $(...) substitution cannot be used here because bash drops the NUL bytes
# that /dev/zero produces, leaving the body empty.
while true; do
  {
    printf 'HTTP/1.1 200 OK\r\nContent-Length: 999999999\r\n\r\n'
    dd if=/dev/zero bs=1M count=1000 2>/dev/null
  } | nc -l -p 8080
done
```

```bash
# Monitor memory usage of the vulnerable OpAMP client (column 6 of ps aux is RSS in KB)
watch -n 1 'ps aux | grep opamp-client | awk "{print \$6}"'
```

Exploit:

Attacker sets up rogue OpAMP server or MitM connection. Responds to any client request with HTTP body > available RAM (e.g., 2 GB). Client calls `ReadAsByteArrayAsync`, allocates contiguous buffer, crashes with OOM.

Protection from this CVE:

Upgrade to patched version (response size limited to 128 KB). Alternatively, deploy trusted OpAMP servers only, use TLS with certificate pinning to prevent MitM, and monitor memory usage.
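The unbounded read described above beside a bounded version that enforces the 128 KB limit the fix introduced, as an added example written for this post, not the OpAMP client’s own code or the code of pull request 4116. The class and method names are hypothetical; only the `ReadAsByteArrayAsync` call and the 128 KB figure come from the advisory.

```csharp
using System;
using System.IO;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper (not from the OpAMP client) contrasting the two read patterns.
public static class BoundedResponseReader
{
    // Limit taken from the advisory; the constant name in the real fix is not known here.
    public const int MaxResponseBytes = 128 * 1024;

    // Vulnerable pattern: the whole body is buffered, however large the server makes it.
    public static Task<byte[]> ReadUnboundedAsync(HttpResponseMessage response) =>
        response.Content.ReadAsByteArrayAsync();

    // Hardened pattern: reject an oversized declared length before allocating, and stop
    // reading as soon as the stream exceeds the cap even when no Content-Length is sent.
    public static async Task<byte[]> ReadBoundedAsync(HttpResponseMessage response, CancellationToken ct)
    {
        long? declared = response.Content.Headers.ContentLength;
        if (declared.HasValue && declared.Value > MaxResponseBytes)
            throw new HttpRequestException($"OpAMP response too large: {declared.Value} bytes (limit {MaxResponseBytes})");

        // Initial capacity is bounded by the check above; a lying or missing Content-Length
        // cannot drive allocation because every chunk is re-checked against the cap.
        using var body = await response.Content.ReadAsStreamAsync(ct);
        using var buffer = new MemoryStream(capacity: (int)(declared ?? 4096));
        var chunk = new byte[8192];
        int read;
        while ((read = await body.ReadAsync(chunk, 0, chunk.Length, ct)) > 0)
        {
            if (buffer.Length + read > MaxResponseBytes)
                throw new HttpRequestException($"OpAMP response exceeded {MaxResponseBytes} bytes; aborting read");
            buffer.Write(chunk, 0, read);
        }
        return buffer.ToArray();
    }

    // Constructed check: a 200 KB in-memory body is fully buffered by the unbounded
    // reader and rejected up front by the bounded one.
    public static async Task Main()
    {
        var first = new HttpResponseMessage { Content = new ByteArrayContent(new byte[200 * 1024]) };
        Console.WriteLine($"unbounded read: {(await ReadUnboundedAsync(first)).Length} bytes buffered");
        var second = new HttpResponseMessage { Content = new ByteArrayContent(new byte[200 * 1024]) };
        try { await ReadBoundedAsync(second, CancellationToken.None); }
        catch (HttpRequestException e) { Console.WriteLine($"bounded read: {e.Message}"); }
    }
}
```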

Impact:

Denial-of-service via memory exhaustion. Application becomes unresponsive or crashes. No data corruption or privilege escalation.

Sources:

Reported By: github.com