Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-4803

[deviceconnect] API accepts arbitrary size messages

    XMLWordPrintable

    Details

    • Story Points:
      1
    • Backlog:
      yes
    • Days in progress:
      0

      Description

      Currently there's a vulnerability in the websocket API in deviceconnect as it will accept and buffer messages of arbitrary, exposing a potential buffer overflow vector.

       

      Acceptance criteria:

      • Messages over websockets must be constrain to a certain max size

        Attachments

          Activity

            People

            Assignee:
            alfrunes Alf-Rune Siqveland
            Reporter:
            alfrunes Alf-Rune Siqveland
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support