Genivia gSOAP Denial-of-Service Vulnerability Due to XML Parsing of Duplicate ID Attributes

A denial-of-service vulnerability has been identified in Genivia gSOAP, specifically in versions prior to 2.8.133. When certain options are used with the gSOAP tools 'wsdl2h' or 'soapcpp2', an unauthenticated remote attacker can induce a high CPU load by forcing the parser to process XML files containing duplicate ID attributes. This issue can arise when the software is compiled with specific flags and the resulting application is exposed to crafted XML data.

Impact

Exploitation of this vulnerability can lead to a significant increase in CPU usage, causing the application to become unresponsive or slow down considerably.

Reproduction

The vulnerability can be reproduced by compiling a gSOAP application with the 'wsdl2h' or 'soapcpp2' tools, using the '-c++11' (or '-c++14' or '-c++17') option in combination with the '-d' option to generate DOM 'xsd__anyType' members. Once the application is built, it can be tested by sending XML data with duplicate ID attributes, which will trigger the excessive CPU load.

Remediation

Users are advised to upgrade to gSOAP version 2.8.133 or later. For those using versions 2.7.x to 2.8.x, a recent update can be downloaded from the official gSOAP download page.