[MEN-4803] [deviceconnect] API accepts arbitrary size messages - Northern.tech AS

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: (None)
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.7.1, 3.0.0, 2.6.2, 3.0.0-report
Labels:
- Backend

Days in progress:
0

Description

Currently there's a vulnerability in the websocket API in deviceconnect as it will accept and buffer messages of arbitrary, exposing a potential buffer overflow vector.

Acceptance criteria:

Messages over websockets must be constrain to a certain max size

Attachments

Activity

People

Assignee:

Alf-Rune Siqveland

Reporter:

Alf-Rune Siqveland

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

22/Jun/21 2:57 PM

Updated:

02/Jul/21 10:48 AM

Resolved:

02/Jul/21 10:48 AM