[ https://issues.apache.org/jira/browse/FELIX-6592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Henry Lin updated FELIX-6592:
-----------------------------
    Description:

Dear Apache Felix Dev developers,

Fuzzing has found a stack overflow in OSS-Fuzz with JVM Fuzzer Jazzer in Apache Felix Dev. We have reviewed the finding and consider it security-related due to the potential of a denial of service.

Part of the crash stack trace:
==
Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Stack overflow (use '-Xss921k' to reproduce)
        at org.apache.felix.utils.json.JSONParser.parseValue(JSONParser.java:124)
Caused by: java.lang.StackOverflowError
        at java.base/java.lang.String.trim(String.java:2681)
        at org.apache.felix.utils.json.JSONParser.parseKeyValueListRaw(JSONParser.java:215)
        at org.apache.felix.utils.json.JSONParser.parseListValuesRaw(JSONParser.java:278)
        at org.apache.felix.utils.json.JSONParser.parseValue(JSONParser.java:123)
        at org.apache.felix.utils.json.JSONParser.parseValue(JSONParser.java:124)
        at org.apache.felix.utils.json.JSONParser.parseValue(JSONParser.java:124)
        ...

We have included a reproducer zip which contains a README file that describes how to reproduce the issue.
We would appreciate it if you could take a look into the findings. Do you see a risk that this might be exploited by untrusted input?

OSS-Fuzz Issue: [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51725]
Hint: The provided OSS-Fuzz Issue links are only accessible if the issue gets fixed or if you are the maintainer of the OSS-Fuzz project.

Fuzz target: [https://github.com/google/oss-fuzz/blob/master/projects/apache-felix-dev/JSONParserFuzzer.java]

> Stack overflow finding found by OSS-Fuzz
> ----------------------------------------
>
>                 Key: FELIX-6592
>                 URL: https://issues.apache.org/jira/browse/FELIX-6592
>             Project: Felix
>          Issue Type: Bug
>            Reporter: Henry Lin
>            Priority: Major
>         Attachments: 51725-apache-felix-dev-JSONParserFuzzer.zip
>

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
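The trace above shows the usual shape of this bug class: parseValue calls into the list/object routines, which call parseValue again, so every level of nesting in the input costs a few stack frames and a sufficiently nested document runs the thread out of stack before any byte limit helps. The standard mitigation is an explicit nesting counter checked on every container entry. The following is an added example written for this report; it is not Apache Felix's JSONParser and not code from the reporter. The class name DepthLimitedJsonParser, the MAX_DEPTH value of 64 and the sample inputs in main are all assumptions (Java 11+ for String.repeat).

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example, not Apache Felix code: a small recursive-descent JSON parser whose
// container recursion is bounded by an explicit nesting limit.
public final class DepthLimitedJsonParser {
    // Hypothetical limit. Keep it far below the frame count that exhausts the default
    // thread stack, so rejection always happens before a StackOverflowError can.
    static final int MAX_DEPTH = 64;

    private final String s;
    private int pos = 0;
    private int depth = 0;

    private DepthLimitedJsonParser(String s) { this.s = s; }

    public static Object parse(String json) {
        DepthLimitedJsonParser p = new DepthLimitedJsonParser(json);
        Object v = p.parseValue();
        p.skipWs();
        if (p.pos != p.s.length()) throw new IllegalArgumentException("trailing data at " + p.pos);
        return v;
    }

    private Object parseValue() {
        skipWs();
        switch (peek()) {
            case '{': return parseObject();
            case '[': return parseArray();
            case '"': return parseString();
            case 't': expect("true");  return Boolean.TRUE;
            case 'f': expect("false"); return Boolean.FALSE;
            case 'n': expect("null");  return null;
            default:  return parseNumber();
        }
    }

    // Called on every '{' or '['. This counter is the whole mitigation: once nesting
    // passes MAX_DEPTH the input is rejected with an ordinary exception the caller can
    // handle, instead of recursion continuing until the thread stack is gone.
    private void enter() {
        if (++depth > MAX_DEPTH) throw new IllegalArgumentException("nesting deeper than " + MAX_DEPTH);
    }

    private Map<String, Object> parseObject() {
        enter();
        pos++; // consume '{'
        Map<String, Object> m = new LinkedHashMap<>();
        skipWs();
        if (peek() == '}') { pos++; depth--; return m; }
        while (true) {
            skipWs();
            if (peek() != '"') throw new IllegalArgumentException("expected key at " + pos);
            String key = parseString();
            skipWs();
            if (peek() != ':') throw new IllegalArgumentException("expected ':' at " + pos);
            pos++;
            m.put(key, parseValue()); // recursion happens here
            skipWs();
            char c = peek();
            pos++;
            if (c == '}') break;
            if (c != ',') throw new IllegalArgumentException("expected ',' or '}' at " + (pos - 1));
        }
        depth--;
        return m;
    }

    private List<Object> parseArray() {
        enter();
        pos++; // consume '['
        List<Object> l = new ArrayList<>();
        skipWs();
        if (peek() == ']') { pos++; depth--; return l; }
        while (true) {
            l.add(parseValue()); // recursion happens here
            skipWs();
            char c = peek();
            pos++;
            if (c == ']') break;
            if (c != ',') throw new IllegalArgumentException("expected ',' or ']' at " + (pos - 1));
        }
        depth--;
        return l;
    }

    private String parseString() {
        StringBuilder sb = new StringBuilder();
        pos++; // consume opening quote
        while (true) {
            char c = peek();
            pos++;
            if (c == '"') return sb.toString();
            if (c == '\\') { c = peek(); pos++; } // keeps the escaped char literally; no \n or \uXXXX decoding
            sb.append(c);
        }
    }

    private Number parseNumber() {
        int start = pos;
        while (pos < s.length() && "+-0123456789.eE".indexOf(s.charAt(pos)) >= 0) pos++;
        if (start == pos) throw new IllegalArgumentException("unexpected character at " + pos);
        String t = s.substring(start, pos);
        if (t.matches("-?\\d+")) return Long.valueOf(t);
        return Double.valueOf(t);
    }

    private void expect(String lit) {
        if (!s.startsWith(lit, pos)) throw new IllegalArgumentException("bad literal at " + pos);
        pos += lit.length();
    }
    private char peek() {
        if (pos >= s.length()) throw new IllegalArgumentException("unexpected end of input");
        return s.charAt(pos);
    }
    private void skipWs() { while (pos < s.length() && Character.isWhitespace(s.charAt(pos))) pos++; }

    public static void main(String[] args) {
        System.out.println(parse("{\"a\": [1, 2.5, {\"b\": null}], \"c\": \"x\"}"));
        // Constructed input nested far beyond MAX_DEPTH: the guard fires at level 65,
        // long before the frames that overflowed in the fuzzer's trace would pile up.
        String deep = "[".repeat(10_000) + "]".repeat(10_000);
        try {
            parse(deep);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The limit is checked where recursion begins rather than by catching StackOverflowError, because the latter is only thrown after the stack is already exhausted and can leave the thread in an inconsistent state. A service that accepts JSON from untrusted callers would pair this depth bound with an input size limit, and when the fuzz target is re-run against a parser with such a guard the same deeply nested input is expected to produce a caught exception rather than a crash.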