[ https://issues.apache.org/jira/browse/IGNITE-15921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pavel Tupitsyn updated IGNITE-15921: ------------------------------------ Fix Version/s: 2.13 > Vulnerability in thin client protocol leads to OOM > -------------------------------------------------- > > Key: IGNITE-15921 > URL: https://issues.apache.org/jira/browse/IGNITE-15921 > Project: Ignite > Issue Type: Improvement > Components: thin client > Affects Versions: 2.11 > Reporter: Ilya Kazakov > Assignee: Pavel Tupitsyn > Priority: Critical > Fix For: 2.13 > > > As thin client protocol interprets first 4 bytes as message size and allocate > array for it. Any "big" 4 bytes sent on thin client port could leads to OOM. > Some ideas to resolve: > - print WARN in case of big client message > - allocate array not for all message, but allocate it gradually. > - read more then first4 bytes to understand is it real client message, or it > is some trash. -- This message was sent by Atlassian Jira (v8.20.1#820001)