Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-4803

[deviceconnect] API accepts arbitrary size messages

    XMLWordPrintable

    Details

    • Days in progress:
      0

      Description

      Currently there's a vulnerability in the websocket API in deviceconnect as it will accept and buffer messages of arbitrary, exposing a potential buffer overflow vector.

       

      Acceptance criteria:

      • Messages over websockets must be constrain to a certain max size

        Attachments

          Activity

            People

            • Assignee:
              alfrunes Alf-Rune Siqveland
              Reporter:
              alfrunes Alf-Rune Siqveland
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support