Datalust Seq
cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*
- < 2024.3.13545
A denial-of-service vulnerability has been identified in Datalust Seq versions prior to 2024.3.13545. The issue arises from an insecure default parsing depth limit that allows excessive stack consumption when processing user-supplied queries with deeply nested expressions. This can lead to a stack overflow and cause the application to crash. The vulnerability can be exploited by an authenticated user with 'Read' permissions who executes a crafted search or SQL query.
Exploitation of this vulnerability causes a stack overflow, leading to a crash of the Seq application.
The vulnerability can be reproduced by an authenticated user with 'Read' permissions who executes a query containing deeply nested expressions. This can be done through the Seq user interface by creating a signal with multiple filters, including one that excludes events based on certain conditions. After adding a significant number of filters, the application is likely to crash due to the stack overflow.
Users are advised to update to Datalust Seq version 2024.3.13545 or later. This update is available on the Datalust website or via the Datalust/Seq Docker image.
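The class of fix described above, an explicit nesting limit in a recursive-descent parser, shown as an added example (not code from Seq or Datalust). The toy filter grammar, `MAX_DEPTH = 64`, `QueryTooDeep` and all function names are assumptions made for illustration.

```python
import re

MAX_DEPTH = 64  # assumed limit for this example, not a value taken from Seq

class QueryTooDeep(ValueError):
    """Controlled rejection, raised long before the call stack is exhausted."""

TOKEN = re.compile(r"\s*(\(|\)|and\b|or\b|not\b|[A-Za-z_]\w*)")

def tokenize(text):
    text, pos, out = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        out.append(m.group(1))
        pos = m.end()
    return out[::-1]  # reversed so the parser can pop() from the end

def expr(toks, depth, limit):
    node = unary(toks, depth, limit)
    while toks and toks[-1] in ("and", "or"):  # flat chains loop, no recursion
        node = (toks.pop(), node, unary(toks, depth, limit))
    return node

def unary(toks, depth, limit):
    # Both recursive paths ('not' and '(') re-enter here, so one check bounds them.
    if depth > limit:
        raise QueryTooDeep(f"expression nesting exceeds {limit}")
    tok = toks.pop() if toks else None
    if tok == "not":
        return ("not", unary(toks, depth + 1, limit))
    if tok == "(":
        node = expr(toks, depth + 1, limit)
        if not toks or toks.pop() != ")":
            raise ValueError("missing ')'")
        return node
    if tok in (None, ")", "and", "or"):
        raise ValueError("expected an operand")
    return tok

def parse(text, limit=MAX_DEPTH):
    toks = tokenize(text)
    node = expr(toks, 0, limit)
    if toks:
        raise ValueError("unexpected trailing input")
    return node

if __name__ == "__main__":
    print(parse("a and not (b or c)"))
```

The guard counts parenthesised and `not` nesting only. A long flat `a and b and ...` chain is parsed in a loop but still builds a left-deep tree, so any recursive pass over the result needs its own bound.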