Bug 539170 (CVE-2018-12541) - WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake
Summary: WebSocket HTTP upgrade implementation buffers the full http request before do...
Status: RESOLVED FIXED
Alias: CVE-2018-12541
Product: Community
Classification: Eclipse Foundation
Component: Vulnerability Reports (show other bugs)
Version: unspecified   Edit
Hardware: PC Mac OS X
: P3 normal (vote)
Target Milestone: ---   Edit
Assignee: Security vulnerabilitied reported against Eclipse projects CLA
QA Contact:
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2018-09-18 03:37 EDT by Julien Viet CLA
Modified: 2019-02-01 12:13 EST (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Julien Viet CLA 2018-09-18 03:37:52 EDT 
I am requesting a CVE, the details will be provided later as a comment.
Comment 1 Jens Reimann CLA 2018-09-18 09:19:58 EDT 
Assigned CVE ID CVE-2018-12541
Comment 2 Julien Viet CLA 2018-10-03 03:30:33 EDT 
here are the CVE infos:

   - versions: 3.0.0, 3.1.0, 3.2.0, 3.2.1, 3.3.0.CR1, 3.3.0.CR2, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0.Beta1, 3.4.0, 3.4.1, 3.4.2, 3.5.0.Beta1, 3.5.0, 3.5.1, 3.5.2.CR1, 3.5.2.CR2, 3.5.2.CR3, 3.5.2, 3.5.3
    - description: The WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There
    should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed. 
    - CWE category: https://cwe.mitre.org/data/definitions/789.html

This has been fixed in 3.5.4 release, here is the corresponding project issue: https://github.com/eclipse-vertx/vert.x/issues/2648