webtransport-go Memory Exhaustion Vulnerability via Unchecked WT_CLOSE_SESSION Error Messages

Vulnerability

A memory exhaustion vulnerability has been identified in webtransport-go, an implementation of the WebTransport protocol, affecting versions starting at 0.3.0 and prior to 0.9.0. The issue arises in the session management component, where a peer can send a WT_CLOSE_SESSION capsule carrying an excessively large Application Error Message. The implementation fails to enforce the specified limit of 1024 bytes, so a payload of arbitrary size is accepted, read in full, and stored in memory. This oversight lets an attacker consume an unbounded amount of memory. The complete payload must actually be sent to exploit the vulnerability, but with no size restriction in place, large-scale attacks are feasible for anyone with enough bandwidth.
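The missing check can be illustrated with a bounded parser for the capsule value. This is an added example, not code from webtransport-go or its fix; the function names are hypothetical, the sample payloads are constructed, and the layout (32-bit error code followed by the message) is assumed from the WebTransport over HTTP/3 draft.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"strings"
)

// maxCloseMsgLen is the 1024-byte Application Error Message limit cited in the advisory.
const maxCloseMsgLen = 1024

var errCloseMsgTooLong = errors.New("WT_CLOSE_SESSION: error message exceeds 1024 bytes")

// parseCloseSession (hypothetical name) reads a capsule value: a 32-bit error
// code, then the error message. It buffers at most 4+1024+1 bytes, however
// much the peer sends; an unbounded io.ReadAll(r) here would be the flaw.
func parseCloseSession(r io.Reader) (uint32, string, error) {
	var code [4]byte
	if _, err := io.ReadFull(r, code[:]); err != nil {
		return 0, "", fmt.Errorf("reading error code: %w", err)
	}
	// Read one byte past the limit so an oversized message is detected
	// without pulling the rest of the payload into memory.
	msg, err := io.ReadAll(io.LimitReader(r, maxCloseMsgLen+1))
	if err != nil {
		return 0, "", fmt.Errorf("reading error message: %w", err)
	}
	if len(msg) > maxCloseMsgLen {
		return 0, "", errCloseMsgTooLong
	}
	return binary.BigEndian.Uint32(code[:]), string(msg), nil
}

// tryClose parses a constructed payload with msgLen message bytes and reports
// how many bytes the parser consumed from the stream.
func tryClose(msgLen int) (consumed int, err error) {
	payload := "\x00\x00\x00\x2a" + strings.Repeat("A", msgLen)
	r := strings.NewReader(payload)
	_, _, err = parseCloseSession(r)
	return len(payload) - r.Len(), err
}

func main() {
	n, err := tryClose(8 << 20) // constructed 8 MiB message
	fmt.Printf("consumed=%d err=%v\n", n, err)
}
```

On rejection the caller should close the session rather than drain the remainder of the capsule, otherwise the peer still dictates how much data is processed.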

Impact

Exploitation of this vulnerability leads to excessive and arbitrary memory consumption, causing potential denial-of-service conditions by exhausting available memory resources.

Remediation

Users can upgrade to webtransport-go version 0.10.0 or later, where this vulnerability has been fixed.

Added: Feb 12, 2026, 7:23 PM
Updated: Feb 12, 2026, 7:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.