admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2019-16764.json

Browse Source
This commit is contained in:
Robert Schultheis 2019-11-25 10:09:28 -07:00
parent 199527d054
commit 70791c1186
No known key found for this signature in database
GPG Key ID: 348C4211B4D8BB40
1 changed files with 106 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2019/16xxx/CVE-2019-16764.json Normal file
View File

@ -0,0 +1,106 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16764",
"STATE": "PUBLIC",
"TITLE": "PowAssent is susceptible to denial of service attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pow_assent",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "< 0.4.4",
"version_value": "0.4.4"
}
]
}
}
]
},
"vendor_name": "pow-auth"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The use of `String.to_atom/1` in PowAssent is susceptible to denial of service attacks. In `PowAssent.Phoenix.AuthorizationController` a value is fetched from the user provided params, and `String.to_atom/1` is used to convert the binary value to an atom so it can be used to fetch the provider configuration value. This is unsafe as it is user provided data, and can be used to fill up the whole atom table of ~1M which will cause the app to crash."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pow-auth/pow_assent/security/advisories/GHSA-368c-xvrv-x986",
"refsource": "CONFIRM",
"url": "https://github.com/pow-auth/pow_assent/security/advisories/GHSA-368c-xvrv-x986"
},
{
"name": "https://hex.pm/packages/pow_assent",
"refsource": "MISC",
"url": "https://hex.pm/packages/pow_assent"
},
{
"name": "http://erlang.org/doc/efficiency_guide/commoncaveats.html#list_to_atom-1",
"refsource": "MISC",
"url": "http://erlang.org/doc/efficiency_guide/commoncaveats.html#list_to_atom-1"
},
{
"name": "https://github.com/pow-auth/pow_assent/commit/026105eeecc0e3c2f807e7109e745ea93c0fd9cf",
"refsource": "MISC",
"url": "https://github.com/pow-auth/pow_assent/commit/026105eeecc0e3c2f807e7109e745ea93c0fd9cf"
}
]
},
"source": {
"advisory": "GHSA-368c-xvrv-x986",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "A plug can be used to validate conn.params[&quot;provider&quot;] before it reaches the PowAssent.Phoenix.AuthorizationController."
}
]
}