http-signature/lib/parser.js
246: for (i = 0; i < parsed.params.headers.length; i++) {
http-signature/lib/parser.js
143: var authz = request.headers[authzHeaderName];
http-signature/lib/parser.js
144: for (i = 0; i < authz.length; i++) {
Risks:
An attacker could provide a very high loop iteration count, causing the loop to go on for prolonged periods of time, potentially causing the application to stop responding. Additionally, if the operation inside the loop is tied to some exhaustible functionality, it may cause bloat elsewhere; For example - if file writes occur inside the loop, then an attacker can cause that file to bloat by simply engaging this file writing capability a very high amount of times.
The application relied on a user-provided value to determine the number of iterations performed by a loop, without enforcing a limited range for this value.
Affected files: http-signature/lib/parser.js
143: var authz = request.headers[authzHeaderName];http-signature/lib/parser.js
145: var c = authz.charAt(i);http-signature/lib/parser.js
186: tmpValue += c;http-signature/lib/parser.js
183: parsed.params[tmpName] = tmpValue;http-signature/lib/parser.js
246: for (i = 0; i < parsed.params.headers.length; i++) {http-signature/lib/parser.js
143: var authz = request.headers[authzHeaderName];http-signature/lib/parser.js
145: var c = authz.charAt(i);http-signature/lib/parser.js
186: tmpValue += c;http-signature/lib/parser.js
183: parsed.params[tmpName] = tmpValue;http-signature/lib/parser.js
217: parsed.params.headers = parsed.params.headers.split(' ');http-signature/lib/parser.js
246: for (i = 0; i < parsed.params.headers.length; i++) {http-signature/lib/parser.js
143: var authz = request.headers[authzHeaderName];http-signature/lib/parser.js
145: var c = authz.charAt(i);http-signature/lib/parser.js
186: tmpValue += c;http-signature/lib/parser.js
183: parsed.params[tmpName] = tmpValue;http-signature/lib/parser.js
217: parsed.params.headers = parsed.params.headers.split(' ');http-signature/lib/parser.js
246: for (i = 0; i < parsed.params.headers.length; i++) {http-signature/lib/parser.js
143: var authz = request.headers[authzHeaderName];http-signature/lib/parser.js
144: for (i = 0; i < authz.length; i++) {Risks: An attacker could provide a very high loop iteration count, causing the loop to go on for prolonged periods of time, potentially causing the application to stop responding. Additionally, if the operation inside the loop is tied to some exhaustible functionality, it may cause bloat elsewhere; For example - if file writes occur inside the loop, then an attacker can cause that file to bloat by simply engaging this file writing capability a very high amount of times.
The application relied on a user-provided value to determine the number of iterations performed by a loop, without enforcing a limited range for this value.