
CVE-2014-3651 Denial of service vulnerability in QR code generation [keycloak]


    Details

    • Security Sensitive Issue:
      This issue is security relevant
    • Steps to Reproduce:

      $ wget 'http://localhost:8080/auth/qrcode?size=10000x3000&contents=abc'

      The impact depends on how the image size compares to the Java heap size, and if multiple such requests are issued in parallel.

      Description

      If an unnaturally large image size is requested from the qrcode service, an OutOfMemoryError may occur in the JVM, destabilizing the JVM and leading to a denial of service.
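      As an added illustration of the defence, not code from Keycloak: a bounds check on the requested `size=WxH` parameter that runs before any image buffer is allocated. The `QrSizeBounds` class, the regular expression and the specific limits are assumptions chosen for this example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical validator for a "WxH" size parameter; the limits are assumptions, not Keycloak's. */
public final class QrSizeBounds {
    // Largest edge and largest pixel count the service is willing to render.
    // At 4 bytes per ARGB pixel, 2 million pixels is roughly 8 MB per request,
    // whereas the 10000x3000 from the report is 30 million pixels (~120 MB).
    static final int MAX_EDGE = 2000;
    static final long MAX_PIXELS = 2_000_000L;
    private static final Pattern SIZE = Pattern.compile("^(\\d{1,6})x(\\d{1,6})$");

    private QrSizeBounds() {}

    /** Returns the validated {width, height}, or throws before anything is allocated. */
    public static int[] parse(String size) {
        if (size == null) {
            throw new IllegalArgumentException("size is required");
        }
        Matcher m = SIZE.matcher(size);
        if (!m.matches()) {
            // Also rejects signs, whitespace and digit strings too long to parse safely.
            throw new IllegalArgumentException("size must be WxH");
        }
        int width = Integer.parseInt(m.group(1));
        int height = Integer.parseInt(m.group(2));
        if (width == 0 || height == 0 || width > MAX_EDGE || height > MAX_EDGE) {
            throw new IllegalArgumentException("dimension out of range");
        }
        // Multiply as long so width*height cannot overflow int before the check.
        long pixels = (long) width * height;
        if (pixels > MAX_PIXELS) {
            throw new IllegalArgumentException("image too large");
        }
        return new int[] {width, height};
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including the size from the report.
        for (String s : new String[] {"200x200", "10000x3000", "99999x99999", "abc"}) {
            try {
                int[] wh = parse(s);
                System.out.println(s + " -> accepted " + wh[0] + "x" + wh[1]);
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```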

            People

            Assignee:
            stianst Stian Thorgersen
            Reporter:
            fweimer Florian Weimer
            Involved:
            Bill Burke (Inactive), Trevor Jay (Inactive)