<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Rust-Zserio (&lt;= 0.5.3) — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/rust-zserio--0.5.3/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 09 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/rust-zserio--0.5.3/feed.xml" rel="self" type="application/rss+xml"/><item><title>rust-zserio Unbounded Memory Allocation Vulnerability</title><link>https://feed.craftedsignal.io/briefs/2024-01-09-rust-zserio-memory-allocation/</link><pubDate>Tue, 09 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-09-rust-zserio-memory-allocation/</guid><description>The rust-zserio package is vulnerable to unbounded memory allocation when deserializing arrays, strings, or bytes (blob) types, allowing an attacker to cause a denial-of-service by providing a crafted data file with a large size value.</description><content:encoded><![CDATA[<p>The rust-zserio package, versions 0.5.3 and earlier, is susceptible to an unbounded memory allocation vulnerability. This flaw arises during the deserialization of arrays, strings, or byte (blob) types. The library reads the size of the incoming data from the serialized input itself, and subsequently allocates memory based on this size. Due to the absence of proper size validation, a malicious actor can exploit this by crafting a data file containing an excessively large size value. 
This would force the rust-zserio runtime to allocate a substantial amount of memory, potentially leading to a denial-of-service condition. This vulnerability poses a significant risk to applications that process zserio-encoded messages from untrusted sources, as it can be triggered remotely through a specially crafted input.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious zserio-encoded data file.</li>
<li>The malicious data file contains a manipulated size value for an array, string, or blob field. This size value is set to an extremely large number.</li>
<li>The vulnerable rust-zserio library attempts to deserialize the data file.</li>
<li>During deserialization, the library reads the manipulated size value from the data file.</li>
<li>The library attempts to allocate memory based on the excessively large size value.</li>
<li>The excessive memory allocation consumes available system resources.</li>
<li>The application becomes unresponsive due to resource exhaustion.</li>
<li>The system experiences a denial-of-service, impacting availability.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this vulnerability leads to a denial-of-service condition. Affected applications become unresponsive, potentially disrupting critical services. The number of victims depends on the prevalence of rust-zserio in systems that process untrusted data. The impact is significant: resource exhaustion can cause service outages and can potentially affect other applications running on the same system.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the patch from commit <a href="https://github.com/Danaozhong/rust-zserio/commit/57f5fb4a2a8611d58dbcc1a9221349206dd99c3c">57f5fb</a> to remediate the unbounded memory allocation vulnerability.</li>
<li>Implement input validation that checks the size of array, string, and blob fields before memory is allocated for them.</li>
<li>Monitor resource consumption of rust-zserio applications to detect abnormal memory allocation patterns. Deploy the &ldquo;Detect Excessive Memory Allocation by rust-zserio&rdquo; Sigma rule to identify potential exploitation attempts.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>denial-of-service</category><category>memory-allocation</category></item></channel></rss>