漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service
Vulnerability Description
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `POST /api/v2/files` converts zip uploads to tar in memory via `CreateTarFromZip`, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Exploitation requires authenticated file-upload access and the impact is limited to availability (denial of service). The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 adds a metadata preflight check that sums projected entry sizes and a streaming writer that enforces the aggregate limit during decompression. As a workaround, restrict file-upload permissions to trusted users or place a reverse proxy with request-body size limits in front of `coderd`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对高度压缩数据的处理不恰当(数据放大攻击)
Vulnerability Title
Coder 资源管理错误漏洞
Vulnerability Description
Coder是Coder组织开源的一个可以在公共或私有云基础设施中设置开发环境的应用程序。 Coder存在资源管理错误漏洞,该漏洞源于`/api/v2/files`接口在处理zip上传转换为tar时,未对总解压输出设置聚合大小限制,导致写入无界内存缓冲区,可能导致拒绝服务。以下版本受到影响:2.17.0版本至2.29.17之前版本、2.30.0版本至2.32.7之前版本、2.33.0版本至2.33.8之前版本和2.34.0版本至2.34.2之前版本。
CVSS Information
N/A
Vulnerability Type
N/A