Keycloak / KEYCLOAK-699

CVE-2014-3651 Denial of service vulnerability in QR code generation [keycloak]

Details

    • This issue is security relevant
      $ wget 'http://localhost:8080/auth/qrcode?size=10000x3000&contents=abc'

      The impact depends on how the image size compares to the Java heap size, and if multiple such requests are issued in parallel.

    Description

      If an unnatural image size is requested from the qrcode service, an OutOfMemoryError exception may occur in the JVM, destabilizing the JVM and leading to a denial of service.

          People

            sthorger@redhat.com Stian Thorgersen
            fweimer@redhat.com Florian Weimer
            Bill Burke (Inactive), Trevor Jay (Inactive)
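
A bounds check of the kind this report calls for, as an added example that is not Keycloak's code or its fix: the class name, the limits and the parallel-render cap are assumptions chosen for illustration. It validates the `WxH` value before anything is allocated and caps concurrent renders, because the report ties the impact to image size relative to the heap and to parallel requests.

```java
import java.util.concurrent.Semaphore;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical guard for a "size=WxH" parameter; run it before any image buffer is allocated. */
public final class QrSizeGuard {
    // Assumed limits, not Keycloak's values: size them to what the UI actually displays.
    static final int MAX_SIDE = 1000;
    static final long MAX_PIXELS = 500_000L;
    static final int MAX_PARALLEL_RENDERS = 4;
    // At most nine digits per side, so Integer.parseInt cannot overflow.
    private static final Pattern SIZE = Pattern.compile("(\\d{1,9})x(\\d{1,9})");
    private static final Semaphore SLOTS = new Semaphore(MAX_PARALLEL_RENDERS);

    /** Returns {width, height}; throws IllegalArgumentException (answer with HTTP 400). */
    static int[] parseSize(String param) {
        if (param == null) throw new IllegalArgumentException("size is missing");
        Matcher m = SIZE.matcher(param);
        if (!m.matches()) throw new IllegalArgumentException("size must be WxH");
        int w = Integer.parseInt(m.group(1));
        int h = Integer.parseInt(m.group(2));
        if (w < 1 || h < 1 || w > MAX_SIDE || h > MAX_SIDE)
            throw new IllegalArgumentException("side outside 1.." + MAX_SIDE);
        if ((long) w * h > MAX_PIXELS)  // long arithmetic: the product cannot wrap
            throw new IllegalArgumentException("more than " + MAX_PIXELS + " pixels");
        return new int[] {w, h};
    }

    /** Bounds parallel renders so worst-case memory is MAX_PARALLEL_RENDERS * MAX_PIXELS pixels. */
    static <T> T withRenderSlot(Supplier<T> render) {
        if (!SLOTS.tryAcquire()) throw new IllegalStateException("busy");  // answer with HTTP 503
        try { return render.get(); } finally { SLOTS.release(); }
    }

    public static void main(String[] args) {
        // Constructed inputs; "10000x3000" is the size from the report above.
        for (String s : new String[] {"246x246", "10000x3000", "1000x1000", "-5x5", "300x", null}) {
            try {
                int[] wh = parseSize(s);
                // Stand-in for the real encoder: only the pixel count is computed here.
                Long px = withRenderSlot(() -> (long) wh[0] * wh[1]);
                System.out.println(s + " -> accepted, " + px + " pixels");
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```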