Objective: Compromise application using Facebook Folly by exploiting weaknesses or vulnerabilities within Folly itself, leading to unauthorized access and/or denial of service.
Attack Goal: Compromise Application Using Folly [CRITICAL NODE]
├───[1.0] Exploit Folly Vulnerabilities [CRITICAL NODE]
│   ├───[1.1] Networking Vulnerabilities (Folly::Networking) [CRITICAL NODE]
│   │   ├───[1.1.1] IOBuf Buffer Overflow/Underflow [CRITICAL NODE] [HIGH-RISK PATH]
│   │   │   └───[1.1.1.1] Send crafted network packets exceeding IOBuf capacity [HIGH-RISK PATH]
│   │   ├───[1.1.2] Socket Handling Errors
│   │   │   └───[1.1.2.2] Cause resource exhaustion by manipulating socket connections (DoS) [HIGH-RISK PATH]
│   │   ├───[1.1.3] Protocol Parsing Bugs (if using Folly for protocol handling) [CRITICAL NODE]
│   │   │   └───[1.1.3.1] Exploit vulnerabilities in custom protocol parsers built with Folly tools [HIGH-RISK PATH]
│   │   ├───[1.1.4] Denial of Service via Malformed Network Data [HIGH-RISK PATH]
│   │   │   └───[1.1.4.1] Send packets that trigger excessive resource consumption in Folly's network stack [HIGH-RISK PATH]
│   ├───[1.2] Concurrency Vulnerabilities (Folly::Concurrency)
│   │   ├───[1.2.2] Deadlocks/Livelocks in Folly Executors [HIGH-RISK PATH]
│   │   │   └───[1.2.2.1] Craft workloads that induce deadlocks or livelocks in Folly's thread pool executors (e.g., ThreadPoolExecutor) [HIGH-RISK PATH]
│   ├───[1.3] Data Structure Vulnerabilities (Folly::Collections/Data Structures) [CRITICAL NODE]
│   │   ├───[1.3.1] Hash Collision Denial of Service (e.g., F14ValueMap, FBHashMap) [HIGH-RISK PATH]
│   │   │   └───[1.3.1.1] Send inputs that cause excessive hash collisions in Folly's hash map implementations, leading to performance degradation and DoS [HIGH-RISK PATH]
│   ├───[1.4] Utility Function Vulnerabilities (Folly::Utility)
│   │   ├───[1.4.1] Format String Bugs in Logging/Error Handling (if using Folly logging) [HIGH-RISK PATH]
│   │   │   └───[1.4.1.1] Inject format string specifiers into log messages processed by Folly's logging utilities to leak information or cause crashes [HIGH-RISK PATH]
│   │   ├───[1.4.3] Misuse of String Manipulation Functions [HIGH-RISK PATH]
│   │   │   └───[1.4.3.1] Exploit vulnerabilities arising from incorrect usage of Folly's string manipulation utilities, potentially leading to buffer overflows or other issues. [HIGH-RISK PATH]
│   └───[1.5] Dependency Vulnerabilities (Indirectly via Folly) [CRITICAL NODE] [HIGH-RISK PATH]
│       └───[1.5.1] Vulnerabilities in Folly's Dependencies [HIGH-RISK PATH]
│           └───[1.5.1.1] Exploit known vulnerabilities in libraries that Folly depends on (e.g., OpenSSL, Boost, etc.) if Folly doesn't properly mitigate them or uses vulnerable versions. [HIGH-RISK PATH]