I think there is a potential DoS in Message.Unpack if the function is used on untrusted data, since Message.Question, etc. are pre-allocated to the length indicated in p.header. An attacker can make the function allocate a few MiB of wasted memory per call, which in turn can stall the program by pressuring the GC and raising pause times.
Change https://golang.org/cl/85135 mentions this issue: dns/dnsmessage: Don't use untrusted data to pre-allocate slices
mikioh changed the title from "x/net: dnsmessage uses untrusted data to pre-allocate slices" to "x/net/dnsmessage: uses untrusted data to pre-allocate slices" on Dec 22, 2017

mikioh changed the title from "x/net/dnsmessage: uses untrusted data to pre-allocate slices" to "x/net/dns/dnsmessage: uses untrusted data to pre-allocate slices" on Dec 25, 2017
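The allocation pattern reported in this issue, reduced to the question section only, as an added Go example that is not code from x/net or from the linked change. The names `question`, `unpackQuestions` and `errBad` are hypothetical, and bounding the capacity by the bytes left in the message is one possible mitigation assumed here, not necessarily what the CL does.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

type question struct { // simplified stand-in, not dnsmessage.Question
	Name        string
	Type, Class uint16
}
var errBad = errors.New("malformed or truncated message")

// unpackQuestions: trustHeader sizes the slice from QDCOUNT alone; otherwise bound by bytes left.
func unpackQuestions(msg []byte, trustHeader bool) ([]question, error) {
	if len(msg) < 12 {
		return nil, errBad
	}
	count := int(binary.BigEndian.Uint16(msg[4:6])) // QDCOUNT, sender-controlled
	hint := (len(msg) - 12) / 5                     // a question is at least 5 bytes
	if trustHeader || count < hint {
		hint = count
	}
	qs, off := make([]question, 0, hint), 12
	for ; count > 0; count-- {
		var q question
		for off < len(msg) && msg[off] != 0 { // labels; compression pointers rejected
			n := int(msg[off])
			if n > 63 || off+1+n > len(msg) {
				return qs, errBad
			}
			q.Name += string(msg[off+1:off+1+n]) + "."
			off += 1 + n
		}
		if off+5 > len(msg) { // zero terminator + type + class
			return qs, errBad
		}
		q.Type, q.Class = binary.BigEndian.Uint16(msg[off+1:]), binary.BigEndian.Uint16(msg[off+3:])
		qs, off = append(qs, q), off+5
	}
	return qs, nil
}

func main() {
	hostile := []byte{0, 0, 0, 0, 0xff, 0xff, 0, 0, 0, 0, 0, 0} // constructed: QDCOUNT=65535, no body
	a, _ := unpackQuestions(hostile, true)
	b, _ := unpackQuestions(hostile, false)
	fmt.Println("cap trusting header:", cap(a), "cap bounded:", cap(b))
}
```

Both calls fail with the same parse error on the constructed 12-byte message; only the trusting variant has already reserved room for 65535 elements by then.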