Impact
A StackOverflowError can be raised when parsing a malformed crafted message due to an
infinite recursion.
Patches
Users should upgrade to 4.1.86.Final
Workarounds
There is no workaround, except using a custom HaProxyMessageDecoder.
References
When parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type =
PP2_TYPE_SSL and so on.
The only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it
is encoded in an unsigned short type.
Providing a TLV with a nesting level that is large enough will lead to raising of a
StackOverflowError.
The StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty’s
ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception
/ crash.
For more information
If you have any questions or comments about this advisory:
Impact
A StackOverflowError can be raised when parsing a malformed crafted message due to an
infinite recursion.
Patches
Users should upgrade to 4.1.86.Final
Workarounds
There is no workaround, except using a custom HaProxyMessageDecoder.
References
When parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type =
PP2_TYPE_SSL and so on.
The only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it
is encoded in an unsigned short type.
Providing a TLV with a nesting level that is large enough will lead to raising of a
StackOverflowError.
The StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty’s
ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception
/ crash.
For more information
If you have any questions or comments about this advisory: