[security] nowjs: One-message denial of service attack, makes CPU get stuck in infinite loop


Jann Horn

Dec 22, 2011, 2:38:50 PM
to nod...@googlegroups.com, te...@flotype.com
Hello,
approximately a month ago, I told the nowjs guys about this issue.
Basically, everyone who can connect to a nowjs server is able to lock
it into an infinite loop forever just by sending a little JSON message
from a connected browser. I have a PoC, and I sent it to
te...@flotype.com Nov 30. If they don't release a patch within two
weeks or so, I'll send this PoC to the nodejs ML.

Darshan Shankar

Dec 24, 2011, 5:51:56 PM
to nod...@googlegroups.com
This was fixed recently on the NowJS master: