An OOM problem was found in netty-socketio
Alex111998 opened this issue · 1 comments
Alex111998 commented
When I tested the latest version (2.0.6) of netty-socketio with CIFuzz, an OOM security issue was found. It is caused by putting a big number in Packet, and may cause denial of service issues in applications via the following code:
pom
<dependency>
    <groupId>com.corundumstudio.socketio</groupId>
    <artifactId>netty-socketio</artifactId>
    <version>2.0.6</version>
</dependency>
code
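import com.corundumstudio.socketio.protocol.Packet;

public class NettySocketio_OOM {
    public static void main(String[] args) {
        try {
            Packet packet = new Packet(null);
            // The large attachment count is the value that triggers the OOM.
            packet.initAttachments(1832742252);
        } catch (Exception e) {
            // Intentionally empty: OutOfMemoryError is an Error, so it is not caught here.
        }
    }
}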
mrniko commented
Fixed. Thanks for the report.
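
Added example, not part of the issue thread and not the project's actual fix: one way to keep a peer-declared attachment count from driving an allocation is to bound it while parsing the Socket.IO binary packet header (`<type><count>-...`). The class name, method names and the cap of 16 are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not netty-socketio code: validates the attachment
// count of a Socket.IO binary packet header before any buffer is sized from it.
public class AttachmentCountGuard {
    // Assumed policy limit; tune to the largest count the application really sends.
    static final int MAX_ATTACHMENTS = 16;

    // Parses the "<type><count>-" prefix of a BINARY_EVENT (5) or BINARY_ACK (6) frame.
    static int parseAttachmentCount(String frame) {
        if (frame.isEmpty() || (frame.charAt(0) != '5' && frame.charAt(0) != '6')) {
            throw new IllegalArgumentException("not a binary packet");
        }
        int dash = frame.indexOf('-');
        // Bounding the digit run first keeps absurd values away from integer parsing.
        if (dash < 2 || dash > 4) {
            throw new IllegalArgumentException("missing or oversized attachment count");
        }
        int count = 0;
        for (int i = 1; i < dash; i++) {
            char c = frame.charAt(i);
            if (c < '0' || c > '9') throw new IllegalArgumentException("non-digit in count");
            count = count * 10 + (c - '0');
        }
        if (count > MAX_ATTACHMENTS) {
            throw new IllegalArgumentException("attachment count " + count + " exceeds cap");
        }
        return count;
    }

    // The list starts empty and grows as attachments actually arrive, so the
    // declared count never determines how much memory is reserved up front.
    static List<byte[]> newAttachmentList(String frame) {
        parseAttachmentCount(frame); // rejects bad headers before allocating
        return new ArrayList<>();
    }

    public static void main(String[] args) {
        // Constructed sample frames: one ordinary, one carrying the count from the report.
        String[] frames = {
            "51-[\"upload\",{\"_placeholder\":true,\"num\":0}]",
            "51832742252-[\"upload\"]"
        };
        for (String f : frames) {
            try {
                System.out.println("accepted, count=" + parseAttachmentCount(f));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The same check belongs wherever a decoder turns a length or count field from the wire into a capacity argument.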