Ticket #6149 defect closed duplicate

Opened 7 months ago

Last modified 7 months ago

Possible DoS in HTTP chunked decoder

Reported by: MostAwesomeDude Owned by:
Priority: normal Milestone:
Component: web Keywords:
Cc: jknight Branch:
Author: Launchpad Bug:

Description

Reported by "ivan" on #twisted.web, along with a PoC.

Only scratched the surface, but I don't see why this isn't a valid problem; the attached PoC does definitely chew 20% of my CPU in return for pegging the target Twisted Web server at 100% on another core.

Attachments

test.py Download (0.8 KB) - added by MostAwesomeDude 7 months ago.
PoC for #6149, from ivan

Change History

1

Changed 7 months ago by DefaultCC Plugin

  • cc jknight added

Changed 7 months ago by MostAwesomeDude

PoC for #6149, from ivan

2

Changed 7 months ago by MostAwesomeDude

  • status changed from new to closed
  • resolution set to duplicate

Duplicate of #3795. Sorry 'bout that.

Note: See TracTickets for help on using tickets.