mrniko/netty-socketio

An OOM problem was found in netty-socketio

Alex111998 opened this issue · 1 comments

When I tested the latest version (2.0.6) of netty-socketio with CIFuzz, an OOM security issue was found. It is caused by putting a big number in Packet, and it may cause denial of service issues in applications via the following code:

pom

```xml
<dependency>
    <groupId>com.corundumstudio.socketio</groupId>
    <artifactId>netty-socketio</artifactId>
    <version>2.0.6</version>
</dependency>
```

code

```java
import com.corundumstudio.socketio.protocol.Packet;

public class NettySocketio_OOM {

    public static void main(String[] args) {
        try {
            Packet packet = new Packet(null);
            packet.initAttachments(1832742252);
        } catch (Exception e) {
        }
    }
}
```


Fixed. Thanks for the report.
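The general mitigation for this class of bug, as an added example that is not the project's code or its actual fix: validate a peer-declared count before it sizes any allocation, and grow storage only as data really arrives. `AttachmentHolder` and `MAX_ATTACHMENTS` are hypothetical names, and the example assumes the declared count is what drives the up-front allocation.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; AttachmentHolder is a hypothetical stand-in, not the library's Packet class.
public class BoundedAttachments {

    // Assumed policy limit; pick one that fits the application's real messages.
    static final int MAX_ATTACHMENTS = 64;

    static final class AttachmentHolder {
        private final int expected;
        private final List<byte[]> attachments;

        AttachmentHolder(int declaredCount) {
            // Reject the declared count before it can influence any allocation.
            if (declaredCount < 0 || declaredCount > MAX_ATTACHMENTS) {
                throw new IllegalArgumentException(
                        "attachment count out of range: " + declaredCount);
            }
            this.expected = declaredCount;
            // Start empty: memory use follows received data, not the declared number.
            this.attachments = new ArrayList<>();
        }

        void add(byte[] data) {
            // Never accept more attachments than were declared and validated.
            if (attachments.size() >= expected) {
                throw new IllegalStateException("more attachments than declared");
            }
            attachments.add(data);
        }

        boolean isComplete() {
            return attachments.size() == expected;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; 1832742252 is the value from the report above.
        int[] declaredCounts = {2, 1832742252, -1};
        for (int n : declaredCounts) {
            try {
                new AttachmentHolder(n);
                System.out.println(n + " accepted");
            } catch (IllegalArgumentException e) {
                System.out.println(n + " rejected: " + e.getMessage());
            }
        }
    }
}
```

Catching the failure is not a substitute for the bound: `OutOfMemoryError` is an `Error`, so a `catch (Exception e)` block like the one in the reproducer does not intercept it.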