|
|
|
|
|
|
by BradSwain
466 days ago
|
|
|
This is a neat bug! A colleague and I spent some time last year looking for DoS vulnerabilities caused by recursing on user input [1]. TL;DR: With CodeQL and some manual review, we found several issues resulting in two assigned CVEs, a rustsec advisory, and a handful of fixes implemented in various projects. We mostly looked at Java projects. It is interesting to see a C vulnerability from around the same time. It would be cool to see a larger study on how common this issue is across different programming languages. [1]: https://resources.trailofbits.com/input-driven-recursion-whi... |
|
|