Denial of service in Cryptacular

Published: 2020-01-24 | Updated: 2020-05-12

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2020-7226
CWE-ID	CWE-400
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Cryptacular Universal components / Libraries / Software for developers
Vendor	Middleware Services

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Resource exhaustion

EUVDB-ID: #VU27702

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-7226

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within CiphertextHeader.java in Cryptacular. A remote attacker can trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cryptacular: 1.2.3

CPE2.3

cpe:2.3:a:middleware_services:cryptacular:1.2.3:*:*:*:*:*:*:*

External links

https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L153
https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153
https://github.com/vt-middleware/cryptacular/issues/52
https://lists.apache.org/thread.html/r380781f5b489cb3c818536cd3b3757e806bfe0bca188591e0051ac03@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/rc36b75cabb4d700b48035d15ad8b8c2712bb32123572a1bdaec2510a@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/re04e4f8f0d095387fb6b0ff9016a0af8c93f42e1de93b09298bfa547@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/re7f46c4cc29a4616e0aa669c84a0eb34832e83a8eef05189e2e59b44@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/rfa4647c58e375996e62a9094bffff6dc350ec311ba955b430e738945@%3Cdev.ws.apache.org%3E

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.