New Eclipse Hono bug allows attackers to crash the AMQP adapter

The AMQP protocol adapter does not check the size of AMQP messages sent by devices in Eclipse Hono versions 1.3.0 and 1.4.0.

Saturday, November 14, 2020, 7:56 GMT

In particular, a device can send messages that are larger than the maximum message size the protocol adapter announced when the connection was established.

While the AMQP 1.0 protocol explicitly forbids a peer from sending such messages, a custom-built AMQP 1.0 client could abuse the missing check to send a message of unbounded size to the adapter, ultimately forcing the adapter to crash with an out-of-memory exception.

The AMQP adapter's vertx-proton library fails to reject transfers that exceed the configured max-message-size. This allows an attacker to use several transfers, each under the configured max-frame-size limit, to upload a message of unbounded size to the AMQP adapter.

The vertx-proton library reassembles the individual transfers into the final in-memory message. The adapter is therefore vulnerable to exhaustion of its memory resources, ultimately leading to an OOM exception.
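
The reassembly problem described above, as an added simulation that is not Eclipse Hono or vertx-proton code: a receiver that only checks each frame against max-frame-size keeps buffering, while one that tracks the cumulative size of each delivery rejects it as soon as the total would exceed max-message-size. The frame and message limits are assumed values.

```python
"""Constructed simulation of AMQP 1.0 multi-frame transfer reassembly (not Hono or
vertx-proton code; limits are assumed). Many frames each under max-frame-size can
add up to a message far above max-message-size unless the receiver checks the total."""
from dataclasses import dataclass, field

MAX_FRAME_SIZE = 512      # assumed frame limit negotiated on the connection
MAX_MESSAGE_SIZE = 1024   # assumed max-message-size announced on the link

class MessageTooLarge(Exception):
    """Accumulated bytes of one delivery exceed max-message-size."""

@dataclass
class Transfer:
    delivery_id: int
    payload: bytes
    more: bool        # True when further frames of this delivery follow

@dataclass
class Receiver:
    cumulative_check: bool                       # False: only the per-frame check
    buffers: dict = field(default_factory=dict)  # delivery_id -> bytearray

    def on_transfer(self, t: Transfer):
        if len(t.payload) > MAX_FRAME_SIZE:
            raise ValueError("frame exceeds max-frame-size")
        buf = self.buffers.setdefault(t.delivery_id, bytearray())
        if self.cumulative_check and len(buf) + len(t.payload) > MAX_MESSAGE_SIZE:
            del self.buffers[t.delivery_id]  # discard the partial delivery, free memory
            raise MessageTooLarge(f"delivery {t.delivery_id} exceeds max-message-size")
        buf.extend(t.payload)
        if t.more:
            return None                      # still reassembling
        return bytes(self.buffers.pop(t.delivery_id))

    def buffered_bytes(self) -> int:
        return sum(len(b) for b in self.buffers.values())

def send_message(receiver: Receiver, delivery_id: int, size: int, frame_size: int):
    """Feed a size-byte message as frames; return ('ok', bytes) or ('rejected', buffered)."""
    chunks = [b"x" * min(frame_size, size - off) for off in range(0, size, frame_size)]
    result = b""
    for i, chunk in enumerate(chunks):
        try:
            result = receiver.on_transfer(Transfer(delivery_id, chunk, i < len(chunks) - 1))
        except MessageTooLarge:
            return ("rejected", receiver.buffered_bytes())
    return ("ok", len(result))
```

With the per-frame check only, a 4096-byte message in 512-byte frames is fully buffered; with the cumulative check, the delivery is dropped at the third frame and no partial data remains in memory.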

References: