DoS vulnerability: cause resource exhaustion
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
whoopsie (Ubuntu) | Fix Released | Medium | Marc Deslauriers | |
Xenial | Fix Released | Medium | Marc Deslauriers | |
Bionic | Fix Released | Medium | Marc Deslauriers | |
Eoan | Won't Fix | Medium | Marc Deslauriers | |
Focal | Fix Released | Medium | Marc Deslauriers | |
Groovy | Fix Released | Medium | Marc Deslauriers | |
Bug Description
Hi,
I have found a security issue in whoopsie 0.2.69 and earlier.
# Vulnerability description
The parse_report() function in whoopsie.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Exploitation of this issue causes excessive memory consumption, which results in the Linux kernel triggering the OOM killer on an arbitrary process.
This results in the process being terminated by the OOM killer.
# Details
We have found a memory leak vulnerability during the parsing of the crash file, when a collision occurs on GHashTable through g_hash_
According to [1], if the key already exists in the GHashTable, its current value is replaced with the new value.
If 'key_destroy_func' and 'value_
Unfortunately, whoopsie does not handle the old value and the passed key when a collision happens.
If a crash file contains the same repetitive key-value pairs, it leads to a memory leak as much as the amount of repetition and results in denial-of-service.
[1] https:/
# PoC (*Please check the below PoC: whoopsie_killer.py)
1) Generate a certain malformed crash file that contains the same repetitive key-value pairs.
2) Trigger whoopsie to read the generated crash file.
3) After that, the whoopsie process is killed.
# Mitigation (*Please check the below patch: g_hash_
We should use g_hash_
Otherwise, before g_hash_
Sincerely,
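The leak this report describes, as an added C example that is not part of the original report and is not whoopsie or GLib code. It uses a small stand-in table (`table_insert`, `xdup`, `release` and the `ProblemType`/`Crash` sample pair are constructed for illustration) that follows the replace-on-duplicate behaviour quoted above, and counts the allocations left unreferenced with and without destroy functions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for a string-keyed table; not GLib or whoopsie code. */
#define MAXB 4096
typedef void (*destroy_fn)(void *);
typedef struct { char *key, *val; } slot;
typedef struct { slot s[8]; int n; destroy_fn kd, vd; } table;
static char *blocks[MAXB];   /* every live allocation, so the demo can count and clean up */
static int nblocks;

static char *xdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p || nblocks == MAXB) abort();
    strcpy(p, s);
    return blocks[nblocks++] = p;
}
static void release(void *p) {   /* destroy function, the role g_free would play */
    for (int i = 0; i < nblocks; i++)
        if (blocks[i] == p) { blocks[i] = blocks[--nblocks]; break; }
    free(p);
}
/* Replace-on-duplicate insert: the old value and the passed key are freed
   only when the table was created with destroy functions. */
static void table_insert(table *t, char *key, char *val) {
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->s[i].key, key) == 0) {
            if (t->vd) t->vd(t->s[i].val);
            if (t->kd) t->kd(key);
            t->s[i].val = val;
            return;
        }
    if (t->n == 8) abort();
    t->s[t->n++] = (slot){ key, val };
}
/* Insert the same pair `reps` times; return allocations the table no longer references. */
long leaked_after(int reps, destroy_fn kd, destroy_fn vd) {
    table t = { .n = 0, .kd = kd, .vd = vd };
    for (int i = 0; i < reps; i++)
        table_insert(&t, xdup("ProblemType"), xdup("Crash"));  /* constructed sample pair */
    long leaked = nblocks - 2L * t.n;
    while (nblocks > 0) free(blocks[--nblocks]);   /* demo cleanup, leaked blocks included */
    return leaked;
}
long leak_without_destroy(int reps) { return leaked_after(reps, NULL, NULL); }
long leak_with_destroy(int reps)    { return leaked_after(reps, release, release); }
int main(void) {
    printf("%ld %ld\n", leak_without_destroy(1000), leak_with_destroy(1000));
    return 0;
}
```

Without destroy functions, each repeated pair strands one key and one value, so the unreferenced count grows linearly with the number of repetitions in the input.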
description: updated
information type: Private Security → Public Security
Changed in whoopsie (Ubuntu):
importance: Undecided → Medium
summary:
- Memory leak in parse_report()
+ memory exhaustion in parse_report()
description: updated
description: updated
summary:
- memory exhaustion in parse_report()
+ DoS vulnerability: cause resource exhaustion
Changed in whoopsie (Ubuntu):
status: New → Confirmed
assignee: nobody → Alex Murray (alexmurray)
Changed in whoopsie (Ubuntu):
assignee: Alex Murray (alexmurray) → Marc Deslauriers (mdeslaur)
Changed in whoopsie (Ubuntu Xenial):
status: New → Confirmed
Changed in whoopsie (Ubuntu Bionic):
status: New → Confirmed
Changed in whoopsie (Ubuntu Eoan):
status: New → Confirmed
Changed in whoopsie (Ubuntu Focal):
status: New → Confirmed
Changed in whoopsie (Ubuntu Xenial):
importance: Undecided → Medium
Changed in whoopsie (Ubuntu Bionic):
importance: Undecided → Medium
Changed in whoopsie (Ubuntu Eoan):
importance: Undecided → Medium
Changed in whoopsie (Ubuntu Focal):
importance: Undecided → Medium
Changed in whoopsie (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in whoopsie (Ubuntu Bionic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in whoopsie (Ubuntu Eoan):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in whoopsie (Ubuntu Focal):
assignee: nobody → Marc Deslauriers (mdeslaur)
Modification: table_new_full() and add 'key_destroy_func' and 'value_destroy_func' function.
Correct the above issue.
Replace g_hash_table_new() with g_hash_