BIT-consul-2021-3121
Denial of Service (DoS) vulnerability in protobuf (Go)

Denial of Service (DoS) | No known exploit

What is BIT-consul-2021-3121 About?

This vulnerability stems from improper bounds checking in generated Unmarshal methods, which leads to an out-of-bounds panic when they process maliciously crafted input. Where untrusted input is parsed, this is a denial of service vector that is moderately easy to exploit.

Affected Software

github.com/gogo/protobuf <1.3.2

Technical Details

The vulnerability stems from improper bounds checking within Unmarshal methods that are automatically generated. When these methods process maliciously crafted input, they fail to adequately validate the size or structure of the incoming data against the expected boundaries of internal data structures. This can lead to an attempt to access memory beyond the allocated buffer, triggering an out-of-bounds panic (e.g., an array index out of bounds error). If an application parses messages from untrusted parties using these vulnerable Unmarshal methods, an attacker can send specially crafted messages that induce this panic, causing the application or service to crash and resulting in a denial of service. The attack vector is the submission of malformed input to an endpoint that utilizes the vulnerable Unmarshal functionality.
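The bug class and two defensive patterns, as an added example that is not code from gogo/protobuf or from this advisory. It uses a constructed toy format (a uvarint length followed by the payload); the names `decodeUnchecked`, `decodeChecked` and `guard` are hypothetical.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed toy format (not gogo/protobuf code): uvarint length, then payload.
var errTruncated = errors.New("declared length exceeds remaining input")

// decodeUnchecked trusts the declared length: the bug class described above.
func decodeUnchecked(b []byte) []byte {
	n, w := binary.Uvarint(b)
	return b[w : w+int(n)] // panics when the length runs past the buffer
}

// decodeChecked validates the length against the bytes actually present.
func decodeChecked(b []byte) ([]byte, error) {
	n, w := binary.Uvarint(b)
	if w <= 0 {
		return nil, errors.New("missing or malformed length varint")
	}
	if n > uint64(len(b)-w) {
		return nil, errTruncated
	}
	return b[w : w+int(n)], nil
}

// guard turns a panic in a decoder into an error, so one malformed message
// fails that request instead of terminating the process.
func guard(decode func([]byte) []byte, b []byte) (out []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			out, err = nil, fmt.Errorf("decoder panicked: %v", r)
		}
	}()
	return decode(b), nil
}

func main() {
	good := []byte{3, 'a', 'b', 'c'} // constructed sample
	bad := []byte{9, 'a', 'b', 'c'}  // constructed: declares 9 bytes, carries 3
	fmt.Println(guard(decodeUnchecked, good))
	fmt.Println(guard(decodeUnchecked, bad))
	fmt.Println(decodeChecked(bad))
}
```

The `recover` guard is containment only and catches panics only in the goroutine that calls it; the fix for the affected package is the upgrade listed under the available fixes.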

What is the Impact of BIT-consul-2021-3121?

Successful exploitation may allow attackers to cause the affected service or application to crash or become unresponsive, leading to a denial of service for legitimate users.

What is the Exploitability of BIT-consul-2021-3121?

Exploitation involves crafting specific malicious input that triggers the out-of-bounds panic. This requires a moderate understanding of the message structure processed by the Unmarshal methods. No authentication or specific privileges are required if the application parses untrusted input directly. This is typically a remote exploitation scenario, assuming the insecure Unmarshal method is exposed to external input. The main constraint is correctly formatting the malicious input to bypass bounds checks. Risk factors that increase exploitation likelihood include applications that process and unmarshal messages from untrusted sources without robust input validation and error handling.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for BIT-consul-2021-3121?

Available Upgrade Options

  • github.com/gogo/protobuf
    • <1.3.2 → Upgrade to 1.3.2

What are Similar Vulnerabilities to BIT-consul-2021-3121?

Similar Vulnerabilities: CVE-2020-10705, CVE-2021-26857, CVE-2023-3269, CVE-2022-42887, CVE-2023-28436