Keycloak / KEYCLOAK-699

CVE-2014-3651 Denial of service vulnerability in QR code generation [keycloak]

    Details

    • Security Sensitive Issue:
      This issue is security relevant
    • Steps to Reproduce:

      $ wget 'http://localhost:8080/auth/qrcode?size=10000x3000&contents=abc'

      (The URL must be quoted, otherwise the shell treats `&` as a background operator and drops the `contents` parameter.)

      The impact depends on how the requested image size compares to the Java heap size, and on whether multiple such requests are issued in parallel.

      Description

      If an unnaturally large image size is requested from the qrcode service, an OutOfMemoryError may occur in the JVM, destabilizing the JVM and leading to a denial of service.
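      The defensive pattern for this class of bug is to bound the requested dimensions before any pixel buffer is allocated, so an oversized `size` parameter is answered with a client error rather than an allocation that can exhaust the heap. The following Java class is an added illustration, not Keycloak's own code or its actual fix; the limits (`MAX_DIMENSION`, `MAX_PIXELS`), the default size and the class and method names are assumptions chosen for the example.

```java
import java.awt.image.BufferedImage;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example (not Keycloak code): validate a "WIDTHxHEIGHT" size parameter
 * before any image buffer is allocated, so an oversized request is rejected
 * with a client error instead of triggering an OutOfMemoryError in the JVM.
 */
public final class QrSizeGuard {

    /** Assumed limits; the issue does not state Keycloak's own bounds. */
    static final int MAX_DIMENSION = 1024;          // per side, in pixels
    static final long MAX_PIXELS = 1024L * 1024L;   // total pixels per image
    static final int BYTES_PER_PIXEL = 4;           // TYPE_INT_ARGB backing array
    static final int DEFAULT_SIDE = 200;            // assumed default when no size is given

    /** Digit runs are length-capped so Integer.parseInt cannot overflow. */
    private static final Pattern SIZE = Pattern.compile("^(\\d{1,5})x(\\d{1,5})$");

    public static final class Size {
        public final int width;
        public final int height;
        Size(int w, int h) { width = w; height = h; }
        /** Rough heap cost of the raster that would back this image. */
        public long estimatedBytes() { return (long) width * height * BYTES_PER_PIXEL; }
    }

    /** Returns a bounded Size, or throws IllegalArgumentException (map to HTTP 400). */
    public static Size parse(String raw) {
        if (raw == null || raw.isEmpty()) {
            return new Size(DEFAULT_SIDE, DEFAULT_SIDE);
        }
        Matcher m = SIZE.matcher(raw.trim());
        if (!m.matches()) {
            throw new IllegalArgumentException("size must be WIDTHxHEIGHT, e.g. 200x200");
        }
        int w = Integer.parseInt(m.group(1));
        int h = Integer.parseInt(m.group(2));
        if (w < 1 || h < 1 || w > MAX_DIMENSION || h > MAX_DIMENSION) {
            throw new IllegalArgumentException(
                "each dimension must be between 1 and " + MAX_DIMENSION);
        }
        if ((long) w * h > MAX_PIXELS) {
            throw new IllegalArgumentException(
                "requested image exceeds " + MAX_PIXELS + " pixels");
        }
        return new Size(w, h);
    }

    /** Allocation happens only after validation has passed. */
    public static BufferedImage allocate(String rawSize) {
        Size s = parse(rawSize);
        return new BufferedImage(s.width, s.height, BufferedImage.TYPE_INT_ARGB);
    }

    public static void main(String[] args) {
        // Constructed inputs; the first is the size from the reproduction steps above.
        String[] samples = {"10000x3000", "200x200", "0x5", "12x", "99999999x1", ""};
        for (String raw : samples) {
            try {
                Size s = parse(raw);
                System.out.printf("%-12s accepted (~%d bytes)%n",
                    raw.isEmpty() ? "(default)" : raw, s.estimatedBytes());
            } catch (IllegalArgumentException e) {
                System.out.printf("%-12s rejected: %s%n", raw, e.getMessage());
            }
        }
    }
}
```

      A per-request cap alone does not address the parallel-request case the report mentions; the total memory in flight is still bounded only by the number of concurrent callers, so request limiting or a small, fixed output size for the QR endpoint is the usual complement to this check.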

              People

              • Assignee: Stian Thorgersen (stianst)
              • Reporter: Florian Weimer (fweimer)
              • Involved: Bill Burke, Trevor Jay
