
oauth filter calls continueDecoding() from within decodeHeaders()

High
mattklein123 published GHSA-rww6-8h7g-8jf6 Jun 9, 2022

Package

Envoy (Envoy)

Affected versions

< 1.22.1

Patched versions

1.22.1

Description

Attack type

Remote

Impact

Denial of Service (crash)

Affected component(s)

OAuth.

Attack vector(s)

Remote.

Discoverer(s)/Credits

Identified by Raul Gutierrez Segales rgs@pinterest.com while investigating GHSA-h45c-2f94-prxh, originally reported by Weiqiu Wen ff800u@gmail.com

References

See also GHSA-h45c-2f94-prxh

Description (brief; included in CVE)

The OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions.

Example exploit or proof-of-concept

The general authentication flow in the OAuth filter triggers this condition, so it should be exploitable.

Description (full; not included in CVE but will be published on GitHub later and linked)

continueDecoding() shouldn’t ever be called from filters after a local reply has been sent.
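A minimal model of that invariant, added here as an illustration and not Envoy's own code: FilterManager, Filter and the two decodeHeaders functions are hypothetical stand-ins for Envoy's filter manager and OAuth2 filter, and the check in continueDecoding() plays the role of the ASSERT() the advisory mentions.

```cpp
// Added model of the decoder filter-chain invariant this advisory describes.
// Not Envoy's code: every name below is a hypothetical stand-in.
#include <cstddef>
#include <functional>
#include <vector>

enum class FilterHeadersStatus { Continue, StopIteration };
class FilterManager;
using Filter = std::function<FilterHeadersStatus(FilterManager&)>;
class FilterManager {
 public:
  explicit FilterManager(std::vector<Filter> filters) : filters_(filters) {}
  // Drive the chain from the first filter; false if any filter tried to
  // resume iteration after a local reply had already been sent.
  bool decodeHeaders() { iterate(0); return !violated_; }
  // A local reply ends the stream, so the rest of the chain is torn down.
  void sendLocalReply() { local_reply_sent_ = true; filters_.clear(); }
  // Resume after the filter that stopped iteration. Newer Envoy ASSERT()s on
  // this path once a local reply is out; older versions kept walking a chain
  // that no longer exists, which is the memory corruption in the advisory.
  void continueDecoding() {
    if (local_reply_sent_) { violated_ = true; return; }
    iterate(next_);
  }
 private:
  void iterate(std::size_t from) {
    for (std::size_t i = from; i < filters_.size(); ++i) {
      next_ = i + 1;
      Filter f = filters_[i];  // copy: the filter may tear the chain down
      if (f(*this) == FilterHeadersStatus::StopIteration) return;
    }
  }
  std::vector<Filter> filters_;
  std::size_t next_ = 0;
  bool local_reply_sent_ = false, violated_ = false;
};
// Buggy shape from the advisory: send the redirect to the authorization
// server as a local reply, then still try to continue the chain.
FilterHeadersStatus buggyOauthDecodeHeaders(FilterManager& cb) {
  cb.sendLocalReply();
  cb.continueDecoding();  // must never happen after a local reply
  return FilterHeadersStatus::StopIteration;
}
// Fixed shape: after the local reply the filter simply stops iteration.
FilterHeadersStatus fixedOauthDecodeHeaders(FilterManager& cb) {
  cb.sendLocalReply();
  return FilterHeadersStatus::StopIteration;
}
// A later filter that just passes the request on.
FilterHeadersStatus passThrough(FilterManager&) { return FilterHeadersStatus::Continue; }
```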

Mitigation

NA.

Detection

Crashes, possibly with unrelated stack traces, after the metrics for a successful OAuth flow have been emitted.

Severity

High 7.5 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID

CVE-2022-29228