Comment 47 for bug 1493303
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: Swift proxy memory leak on unfinished read | #47 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Here is the final impact description for both bug 1493303 and bug 1466549,
If it's accurate, I'd like to send the advance notification asap with a disclosure date set to:
2016-01-20, 1500UTC
Title: Swift proxy-server DoS through Large Object
Reporter: Romain LE DISEZ (OVH), Örjan Persson (Kiliaro)
Products: Swift
Affects: client to proxy: >=2.2.1 <= 2.3.0
proxy to server: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0
Description:
Romain LE DISEZ from OVH and Örjan Persson from Kiliaro independently
reported two vulnerabilities in Swift Large Object. By repeatedly
requesting and interrupting connections to a Large Object (Dynamic or
Static) URL, a remote attacker may exhausts Swift proxy-server
resources, potentially resulting in a denial of service. Note that there
are two distinct bugs that can exhaust proxy resources, one for client
connection (client to proxy), one for servers connection (proxy to
server). All Swift setup are affected.