x/crypto/openpgp: infinite loop on compression quines #10751

kbsriram · 2015-05-07T21:46:14Z

A carefully crafted packet can cause the ReadMessage function to push an infinite number of io.Readers within the packet reader.

An example packet created by Taylor R. Campbell can be found at:
http://mumble.net/~campbell/misc/pgp-quine/
and additional details can be found from this related issue for GnuPG:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4402

ianlancetaylor · 2015-05-07T23:37:03Z

ebfe · 2015-07-18T19:17:46Z

A carefully crafted packet can cause the packet reader to push an infinite number of recursive packet readers. This change limits the number of recursive parsing levels within the packet reader. More details at: http://mumble.net/~campbell/misc/pgp-quine https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4402 Fixes golang#10751 Change-Id: Ib4e102d85f6496e2c7feb5b9d7e5db45db6032df Reviewed-on: https://go-review.googlesource.com/9843 Reviewed-by: Adam Langley <agl@golang.org>

ianlancetaylor added this to the Unreleased milestone May 7, 2015

agl self-assigned this Aug 2, 2015

agl closed this as completed Aug 2, 2015

golang locked and limited conversation to collaborators Aug 5, 2016

gopherbot added the FrozenDueToAge label Aug 5, 2016

rsc unassigned agl Jun 23, 2022

Provide feedback