Description
A vulnerability in the ReceiveOS function within gnoi/os/server.go allows for uncontrolled memory consumption. The server fails to enforce a maximum size limit on the bytes.Buffer when receiving TransferContent messages.
Impact
An authenticated remote attacker can stream an unlimited amount of data, causing the server to allocate memory until it triggers an Out of Memory (OOM) event, resulting in a Denial of Service (DoS). This has been validated by the Google VRP team (Issue #513177194).
Steps to Reproduce
- Authenticate to the gNOI endpoint.
- Initiate an
Install RPC.
- Send continuous
TransferContent chunks without sending a TransferEnd.
- Observe memory usage increasing until process termination.
Proposed Fix
I have submitted a Pull Request (#404) to address this by implementing a size cap on the buffer.
Description
A vulnerability in the
ReceiveOSfunction withingnoi/os/server.goallows for uncontrolled memory consumption. The server fails to enforce a maximum size limit on thebytes.Bufferwhen receivingTransferContentmessages.Impact
An authenticated remote attacker can stream an unlimited amount of data, causing the server to allocate memory until it triggers an Out of Memory (OOM) event, resulting in a Denial of Service (DoS). This has been validated by the Google VRP team (Issue #513177194).
Steps to Reproduce
InstallRPC.TransferContentchunks without sending aTransferEnd.Proposed Fix
I have submitted a Pull Request (#404) to address this by implementing a size cap on the buffer.