CVE-2022-27772
Denial of Service vulnerability in spring-boot (Maven)

Category: Denial of Service. Exploit status: No known exploit.

What is CVE-2022-27772 About?

This vulnerability involves a Denial of Service (DoS) where a specially crafted RAR archive can trigger an infinite loop during extraction. This can lead to resource exhaustion and make the application unresponsive. The exploitability depends on whether the application processes untrusted user-supplied files, making it a conditional risk.

Affected Software

org.springframework.boot:spring-boot <2.2.11.RELEASE

Technical Details

The vulnerability arises during the extraction of RAR archives within the junrar library. A "carefully crafted RAR archive" is a malicious archive specifically designed to exploit a flaw in the parsing or decompression logic. When the library attempts to extract such an archive, it enters an infinite loop: a section of code executes repeatedly without ever reaching its termination condition. This consumes CPU cycles and memory, ultimately producing a Denial of Service condition that renders the application that uses the library unresponsive or crashes it. The specific mechanism of the infinite loop (e.g., a malformed header, incorrect length fields, or recursive structures) is not detailed, but it is triggered by the archive's structure.

What is the Impact of CVE-2022-27772?

Successful exploitation may allow attackers to cause a Denial of Service (DoS), leading to application unresponsiveness, resource exhaustion, and potential system instability, thereby disrupting service availability.

What is the Exploitability of CVE-2022-27772?

Exploitation requires the attacker to provide a malicious RAR archive to an application that uses the vulnerable junrar library for extraction. This typically implies remote access if the application accepts uploaded files from external sources, or local access if the attacker can place the file on the system. There are no explicit authentication or privilege requirements mentioned, as the vulnerability resides in the file processing itself. The complexity lies in crafting the RAR archive to reliably trigger the infinite loop. The likelihood of exploitation is significantly increased if the application processes untrusted input files by default.

What are the Known Public Exploits?

PoC Author    Link    Commentary
puneetbehl    Link    PoC for CVE-2022-27772

What are the Available Fixes for CVE-2022-27772?

Available Upgrade Options

  • org.springframework.boot:spring-boot
    • <2.2.11.RELEASE → Upgrade to 2.2.11.RELEASE
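As an added example that is not part of this advisory or of any Resolved Security tooling, the script below checks a Maven pom.xml for a direct pin of org.springframework.boot:spring-boot below the fixed version 2.2.11.RELEASE named above. It resolves a single ${property} reference from the pom's <properties> block; the pom content embedded in it is constructed for illustration, and the version-ordering rules (numeric components, with RC/M/SNAPSHOT qualifiers ranking below RELEASE) are an assumption that matches the x.y.z.RELEASE scheme Spring Boot 2.2 used.

```python
"""Flag a direct spring-boot pin below 2.2.11.RELEASE in a Maven pom.xml.

Added example; the sample pom below is constructed, not taken from a real project.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml: a vulnerable spring-boot pin via a property,
# plus an unrelated dependency that must not be reported.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0.0</version>
  <properties>
    <spring-boot.version>2.2.10.RELEASE</spring-boot.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot</artifactId>
      <version>${spring-boot.version}</version>
    </dependency>
    <dependency>
      <groupId>com.github.junrar</groupId>
      <artifactId>junrar</artifactId>
      <version>7.4.0</version>
    </dependency>
  </dependencies>
</project>
"""

POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}
AFFECTED_COORDINATE = ("org.springframework.boot", "spring-boot")
FIXED_VERSION = "2.2.11.RELEASE"  # first fixed release per the advisory


def version_key(version):
    """Map '2.2.10.RELEASE' to a comparable tuple (2, 2, 10, 1).

    Numeric components compare as integers (padded to three); the trailing
    flag is 1 for a GA release (RELEASE or no qualifier) and 0 for any other
    qualifier such as RC1, M2 or BUILD-SNAPSHOT, so pre-releases sort below
    the GA build with the same numbers. Assumed ordering, see the lead-in.
    """
    nums, qualifier = [], ""
    for token in version.split("."):
        if token.isdigit():
            nums.append(int(token))
        else:
            qualifier = token
            break
    while len(nums) < 3:
        nums.append(0)
    ga_flag = 1 if qualifier in ("", "RELEASE") else 0
    return tuple(nums[:3]) + (ga_flag,)


def resolve_property(value, properties):
    """Expand a lone ${name} reference against the pom's <properties>."""
    match = re.fullmatch(r"\$\{([^}]+)\}", value.strip())
    if match:
        return properties.get(match.group(1), value)
    return value


def find_vulnerable(pom_xml):
    """Return [(groupId:artifactId, version)] for each direct spring-boot
    dependency whose declared version sorts below FIXED_VERSION."""
    root = ET.fromstring(pom_xml)
    properties = {}
    props_el = root.find("m:properties", POM_NS)
    if props_el is not None:
        for child in props_el:
            # Strip the namespace prefix '{...}' from the property tag name.
            properties[child.tag.split("}")[-1]] = (child.text or "").strip()

    findings = []
    for dep in root.iterfind(".//m:dependency", POM_NS):
        gid = dep.findtext("m:groupId", default="", namespaces=POM_NS).strip()
        aid = dep.findtext("m:artifactId", default="", namespaces=POM_NS).strip()
        ver = dep.findtext("m:version", default="", namespaces=POM_NS).strip()
        if (gid, aid) != AFFECTED_COORDINATE:
            continue
        ver = resolve_property(ver, properties)
        if ver and version_key(ver) < version_key(FIXED_VERSION):
            findings.append((f"{gid}:{aid}", ver))
    return findings


if __name__ == "__main__":
    for coordinate, version in find_vulnerable(SAMPLE_POM):
        print(f"VULNERABLE: {coordinate} {version} (< {FIXED_VERSION})")
```

The check only sees versions declared directly in the pom; a version inherited from a parent POM or a BOM (a dependency with no <version> element) is not resolved here, so treat `mvn dependency:tree` as the authoritative view of what actually ships before closing the finding.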

Additional Resources

What are Similar Vulnerabilities to CVE-2022-27772?

Similar Vulnerabilities: CVE-2021-3616, CVE-2021-3617, CVE-2021-3618, CVE-2018-7250, CVE-2020-11756