Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/hashicorp/yamux #3408

Open
1 task done
lattwood opened this issue Jan 17, 2025 · 1 comment
Open
1 task done

x/vulndb: potential Go vuln in github.com/hashicorp/yamux #3408

lattwood opened this issue Jan 17, 2025 · 1 comment
Labels
Direct External Report

Comments

@lattwood
Copy link

Acknowledgement

  • The maintainer(s) of the affected project have already been made aware of this vulnerability.

Description

The default values for Session.config.KeepAliveInterval and Session.config.ConnectionWriteTimeout of 30s and 10s create the possibility for timed out writes that most aren't handling in their readers.

Calls to Stream.Read on one side of a connection will hang until the underlying Session is closed if the corresponding Stream.Write call on the other side it's waiting for returns with ErrConnectionWriteTimeout. This happens in the case of network congestion between the two sides.

If you keep Session.sendCh full (fixed capacity of 64) for ConnectionWriteTimeout, but for less than the KeepAliveInterval + ConnectionWriteTimeout (which would kill the Session), Stream.Write will return ErrConnectionWriteTimeout. The state of the underlying Session or Stream is not modified. When this happens, the other side's Stream.Read call that's waiting for that write will never return because there's no timeout for this edge-case.

Since no keep alive timed out, you can continue to use the Session once the network congestion is resolved, but that Stream.Read call will only return when the Session closes or the response shows up. Since the write call on the other side timed out the call to Stream.Read will never return.

Any conditions that cause network writes to stall for 10-30 seconds can trigger this Denial of Service- extremely high CPU contention on either side of the connection, BGP reconvergence, etc. To resolve the Denial of Service issue, you have to re-establish the connections, which will usually require a hard restart of the service on either end of the connection.

Affected Modules, Packages, Versions and Symbols

Module: github.com/hashicorp/yamux
Package: github.com/hashicorp/yamux
Versions:
  - Introduced: 0.1.0
  - Fixed: N/A
Symbols:
  - DefaultConfig
  - Server
  - Client

CVE/GHSA ID

No response

Fix Commit or Pull Request

hashicorp/yamux#143

References

Additional information

No response
@lattwood lattwood changed the title x/vulndb: potential Go vuln in <github.com/hashicorp/yamux> x/vulndb: potential Go vuln in github.com/hashicorp/yamux Jan 17, 2025
@dduzgun-security
Copy link

dduzgun-security commented Jan 17, 2025
edited
Loading

Hi @lattwood, really appreciate all the work and details here.
Since HashiCorp is a CNA, we are responsible of evaluating, releasing and then issuing vulnerabilities that will get through the public vulnerability databases once published. We'll assist and help on the CVE submission part.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Direct External Report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lattwood @dduzgun-security