[GHSA-cpf9-ph2j-ccr9] zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing#7420
Hi there @mikegorman-nf! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Hi @ryanbekhen, because a patch already exists, a
The suggested improvements are based on the vulnerability description in GHSA-cpf9-ph2j-ccr9.
Adding an upper bound check and token validation prevents unbounded memory allocation.
Reference: GHSA-cpf9-ph2j-ccr9
Similar fixes were introduced in v2.0.1, so backporting to older versions would improve security.
Unit tests for malicious cookie input will ensure robustness against DoS attempts.