Sign In

CVE-2022-41881

ADVISORY - github

Summary

Impact

A StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.

Patches

Users should upgrade to 4.1.86.Final.

Workarounds

There is no workaround, except using a custom HaProxyMessageDecoder.

References

When parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type = PP2_TYPE_SSL and so on. The only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it is encoded in an unsigned short type. Providing a TLV with a nesting level that is large enough will lead to raising of a StackOverflowError. The StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty’s ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception / crash.

For more information

If you have any questions or comments about this advisory:

EPSS Score: 0.00077 (0.237)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-674

Uncontrolled Recursion

ADVISORY - github

CWE-674

Uncontrolled Recursion

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-674

Uncontrolled Recursion

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-674

Uncontrolled Recursion

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in