jpsla94 opened a new issue, #12316:
URL: https://github.com/apache/ignite/issues/12316

   Hello,
   
   I am currently analyzing my security reports for my **Apache Ignite 2.17** 
application and I was notified of these security vulnerabilities in said reports:
   
   **sonatype-2021-4292 category 9 threat**:
        
   The ignite-core package is vulnerable to Memory Leak. The readFrom() method 
in the ClientMessage class prematurely allocates a buffer before validating the 
size in the handshake's header and fails to release the reserved space when the 
header is invalid. This causes the system to eventually run out of memory. A 
remote attacker can exploit this vulnerability by sending several malformed 
messages to initiate connections provoking a Denial of Service (DoS) condition 
in the server.
   
   Advisory Deviation Notice: The Sonatype security research team discovered 
that the read() method in the GridNioServerBuffer class also has the 
vulnerable portion of code in it and was not taken into account in the fix.
   
   **sonatype-2022-5219 category 7 threat:**
   
   The ignite-core package is vulnerable to Regular Expression Denial of 
Service (ReDoS) attacks. The translateSqlWildcardsToRegex method in the 
SqlListenerUtils class uses an unsafe regular expression to parse table names 
and replace wildcard patterns within SQL queries processed with Ignite's JDBC 
driver. An attacker with the ability to influence table names passed to 
function calls via the JDBC driver may exploit this vulnerability to exhaust 
system resources. This will result in a DoS condition.
   
   Are these false positives, given their dates?
   
   Best Regards,
   João Lola
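
The first advisory quoted above describes a buffer being reserved before the size in the handshake header is validated. The pattern that avoids this, as an added example that is not part of the issue and is not Apache Ignite code (the class name, the 4-byte big-endian length prefix and the 64 KiB cap are assumptions for illustration):

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

/** Illustrative only: hypothetical frame reader, not Apache Ignite code. */
public class BoundedFrameReader {
    // Assumed upper bound for a handshake frame; choose one that fits the real protocol.
    static final int MAX_HANDSHAKE_BYTES = 64 * 1024;

    /** Reads one frame: a 4-byte big-endian length followed by that many payload bytes. */
    static byte[] readFrame(DataInputStream in) throws IOException {
        int declared = in.readInt();
        // Check the peer-controlled length BEFORE reserving any memory for it.
        if (declared <= 0 || declared > MAX_HANDSHAKE_BYTES) {
            throw new IOException("rejected frame, declared length " + declared);
        }
        byte[] payload = new byte[declared]; // allocation is now bounded by the cap
        in.readFully(payload);               // EOFException if the peer sends less than declared
        return payload;
    }

    /** Helper for the demo: returns the payload as text, or the rejection reason. */
    static String tryRead(byte[] wire) {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(wire))) {
            return "accepted: " + new String(readFrame(in), StandardCharsets.US_ASCII);
        } catch (IOException e) {
            return "rejected: " + e;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not captured traffic.
        byte[] wellFormed = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
        byte[] oversized  = {0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff}; // claims ~2 GiB
        byte[] negative   = {(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff}; // -1
        byte[] truncated  = {0, 0, 0, 8, 'a', 'b'}; // claims 8 bytes, sends 2

        System.out.println(tryRead(wellFormed));
        System.out.println(tryRead(oversized));
        System.out.println(tryRead(negative));
        System.out.println(tryRead(truncated));
    }
}
```

Only the well-formed frame is accepted; the oversized and negative lengths are rejected before any allocation, and the truncated frame fails on the short read.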

