Parser OOM (out-of-memory) crash when parsing malicious HTTP input (all oom-* are same bug) #16

Description

@yxy-stu

First, I must admit that I cannot write issues in English very well. The following content was generated with the help of AI, and I hope it helps you:

While fuzzing milo-parser, I found that certain malformed HTTP inputs can cause the parser to allocate too much memory and crash with OOM (out-of-memory).

All the oom-* artifacts I found are the same bug, just different inputs triggering the same infinite / large allocation logic.

These are the affected artifacts:
oom-3586b4fb729b567c760bd801e767fd94be98b804
oom-80d8972eb629edb24a95b8f4603ef7f0b4607976
oom-da39a3ee5e6b4b0d3255bfef95601890afd80709

This is a DoS vulnerability because an attacker can send a small, malicious HTTP message to make the parser consume all memory and crash.
The bug is in the HTTP parsing logic when handling certain invalid headers / values.
The parser tries to allocate an unbounded amount of memory without limits.

Thanks!
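An added triage example, not part of the original issue or the project's code: it checks which of the reported artifacts a given input corresponds to, so a maintainer can confirm a reproducer before debugging. It assumes the names follow libFuzzer's `<kind>-<SHA-1 of input>` convention (the post does not name the fuzzer), and `CANDIDATES` is constructed here because the post does not include the artifact contents.

```python
import hashlib
import re

# Artifact names copied from the issue above.
ARTIFACTS = [
    "oom-3586b4fb729b567c760bd801e767fd94be98b804",
    "oom-80d8972eb629edb24a95b8f4603ef7f0b4607976",
    "oom-da39a3ee5e6b4b0d3255bfef95601890afd80709",
]

# Assumption: libFuzzer-style names, i.e. an artifact kind plus a 40-hex SHA-1.
NAME_RE = re.compile(r"^(crash|oom|timeout|leak|slow-unit)-([0-9a-f]{40})$")


def parse_artifact(name):
    """Split '<kind>-<sha1>' into (kind, digest); raise on any other shape."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a <kind>-<sha1> artifact name: {name!r}")
    return m.group(1), m.group(2)


def matches(name, data):
    """True when `data` is the input this artifact name was derived from."""
    return hashlib.sha1(data).hexdigest() == parse_artifact(name)[1]


def triage(names, known_inputs):
    """Map each artifact name to the known input whose SHA-1 matches, else None."""
    by_digest = {hashlib.sha1(d).hexdigest(): d for d in known_inputs}
    return {n: by_digest.get(parse_artifact(n)[1]) for n in names}


# Constructed candidates: a zero-length input and a minimal request.
CANDIDATES = [b"", b"GET / HTTP/1.1\r\n\r\n"]

if __name__ == "__main__":
    for name, data in triage(ARTIFACTS, CANDIDATES).items():
        if data is None:
            label = "no candidate matches (need the artifact file)"
        else:
            label = f"{len(data)}-byte input {data!r}"
        print(f"{name}: {label}")
```

Under the naming assumption, the third artifact name is the SHA-1 of the zero-length input, so that report can be reproduced without the attached file; the other two need their artifact contents.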
