memgraph / memgraph

Open-source graph database, tuned for dynamic analytics environments. Easy to adopt, scale and own.
https://memgraph.com

Incorrect "replace()" function causes database hanging and resource exhaustion, could lead to DoS attack #1822

Open Aurora-yzj opened 7 months ago

Aurora-yzj commented 7 months ago

Memgraph version
2.15.0

Environment
Operating system: Ubuntu 22.04
Architecture: AMD64
Connect method: any connect method
Driver: any driver

Describe the bug
When passing an empty string to the replace() function, the database will hang and consume all system resources it can. The --query-execution-timeout-sec configuration also cannot limit the execution time in this circumstance.

To Reproduce
Steps to reproduce the behavior:

  1. Run the following command to start memgraph:
    ./memgraph --bolt-address 127.0.0.1 --bolt-port 37687 --storage-properties-on-edges true --query-execution-timeout-sec=1
  2. Run the query:
    RETURN replace('123123123', '', '456456456')

    Memgraph will hang and occupy lots of memory space (for example, after executing the query for 5 minutes, it already took 50GiB of the memory space).

Just as you note, despite the fact that I have set a limitation to the maximum execution time of the query, this query will still cause Memgraph to hang forever and consume massive resources. This could cause DoS attacks.

Expected behavior
Normally finishing executing the query.

Thank you so much for your help!

Verification Environment

katarinasupe commented 7 months ago

Thank you @Aurora-yzj, for the report. I managed to reproduce the issue 🙏

katarinasupe commented 7 months ago

Just one note, memory limit is respected if resources are limited in the Docker container, so to reproduce that as well, it probably needs to be run natively.
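The symptoms reported in this issue (no termination, steadily growing memory) match a replace-all loop that never checks for an empty search string. The following is an added example, not code from Memgraph or from this thread: `NaiveReplaceAll`, `SafeReplaceAll` and the `max_steps` budget are hypothetical names, and returning the input unchanged for an empty search string is an assumed policy.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical replace-all loop (not Memgraph's source). With an empty `match`,
// find() succeeds at every position and each pass inserts `repl` without
// consuming input, so the string grows without bound. `max_steps` exists only
// so this demonstration terminates; returns false when the budget runs out.
bool NaiveReplaceAll(std::string &text, const std::string &match,
                     const std::string &repl, std::size_t max_steps) {
  std::size_t pos = 0;
  for (std::size_t step = 0; step < max_steps; ++step) {
    pos = text.find(match, pos);
    if (pos == std::string::npos) return true;  // no more matches: done
    text.replace(pos, match.size(), repl);
    pos += repl.size();  // skip past the inserted text
  }
  return false;  // still finding "matches": the unbounded loop would not return
}

// Guarded version. Returning the input unchanged for an empty `match` is a
// choice made for this example; after the guard every hit consumes at least
// one input character, so the loop ends after at most text.size() hits.
std::string SafeReplaceAll(const std::string &text, const std::string &match,
                           const std::string &repl) {
  if (match.empty()) return text;
  std::string out;
  std::size_t pos = 0;
  for (std::size_t hit; (hit = text.find(match, pos)) != std::string::npos;) {
    out.append(text, pos, hit - pos);  // copy the unmatched gap
    out += repl;
    pos = hit + match.size();
  }
  out.append(text, pos, std::string::npos);  // copy the tail
  return out;
}

int main() {
  std::string s = "123123123";  // arguments from the reported query
  const bool done = NaiveReplaceAll(s, "", "456456456", 1000);
  std::cout << "naive finished=" << done << " size=" << s.size() << "\n";
  std::cout << "safe: " << SafeReplaceAll("123123123", "", "456456456") << "\n";
  return 0;
}
```

A regression test for a fix of this kind would assert that the empty-search-string call returns and that the result length is bounded by the input length.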