Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1.
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
| Link | Tags |
|---|---|
| https://github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg | mitigation third party advisory |
| https://github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033 | patch third party advisory exploit |