mtrudel Bandit HTTP/2 Memory Exhaustion Vulnerability Allowing Denial-of-Service

Vulnerability

A vulnerability in Bandit, the Elixir HTTP server maintained by mtrudel, lets an unauthenticated remote client exhaust server memory with oversized HTTP/2 frames. Bandit enforces the negotiated maximum frame size (SETTINGS_MAX_FRAME_SIZE) only after it has buffered the entire body announced in a frame header, so a client can make the server hold far more memory per frame than the limit permits without ever completing a valid request. Bandit versions from 0.3.6 up to, but not including, 1.11.0 are affected.

Impact

A client that can open HTTP/2 connections to the server can make it buffer roughly 16 MiB per oversized frame, on as many connections as it can open, driving memory usage up until the server can no longer serve legitimate requests (denial of service).

Reproduction

Open an HTTP/2 connection to a Bandit server, complete the connection preface and SETTINGS exchange, then send a frame header whose 24-bit length field announces roughly 16 MiB, well above the negotiated maximum frame size. A vulnerable server does not reject the frame on the header: it keeps reading and buffering the announced body, and only then reports the size error. Polling for the GOAWAY response shows the difference: a fixed server answers right after the 9-byte header, a vulnerable one only after the full body has been buffered.

Remediation

Upgrade to Bandit 1.11.0 or later, which addresses the issue; no workaround is given for earlier versions.

Added: May 1, 2026, 9:32 PM
Updated: May 1, 2026, 9:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 7.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.