Skip to content

Latest commit

 

History

History
27 lines (20 loc) · 3.03 KB

threat-modeling.md

File metadata and controls

27 lines (20 loc) · 3.03 KB

Threat Model Analysis for apache/commons-codec

Threat: Denial of Service via Excessive Memory Allocation (Base64 Decoding)

  • Threat: Denial of Service via Excessive Memory Allocation (Base64 Decoding)

    • Description: An attacker sends a very long, seemingly valid Base64 encoded string to the application. The application, without checking the input length before decoding, passes this string to Base64.decodeBase64(). The decoded output is significantly larger than the encoded input, potentially consuming all available memory and causing the application to crash or become unresponsive. The attacker does not need to know the content of the decoded data; the sheer size is the attack vector.
    • Impact: Application unavailability (Denial of Service). Potentially, the entire server could become unresponsive if the application consumes all available resources.
    • Affected Component: org.apache.commons.codec.binary.Base64, specifically the decodeBase64() method (and related methods like decodeBase64String()).
    • Risk Severity: High
    • Mitigation Strategies:
      • Input Length Restriction: Implement a strict maximum length limit on the encoded Base64 input before calling decodeBase64(). This limit should be based on the application's expected data size and be significantly smaller than the available memory.
      • Streaming Decoding (If Applicable): If the application must handle potentially large Base64 inputs, consider using a streaming decoder (e.g., Base64InputStream). This processes the input in chunks, avoiding the need to load the entire decoded output into memory at once. This adds complexity but provides better protection against large inputs.
      • Resource Monitoring: Implement monitoring to detect excessive memory usage by the application. This can provide early warning of potential DoS attacks.

Threat: Denial of Service via Excessive Memory Allocation (Hex Decoding)

  • Threat: Denial of Service via Excessive Memory Allocation (Hex Decoding)

    • Description: Similar to the Base64 DoS, but the attacker uses a very long Hex encoded string. The application passes this to Hex.decodeHex() without prior length checks. The decoded output, while smaller than the Base64 case (2:1 ratio), can still be substantial enough to cause a DoS.
    • Impact: Application unavailability (Denial of Service).
    • Affected Component: org.apache.commons.codec.binary.Hex, specifically the decodeHex() method.
    • Risk Severity: High
    • Mitigation Strategies:
      • Input Length Restriction: Implement a strict maximum length limit on the encoded Hex input before calling decodeHex(). This limit should be based on the application's needs.
      • Resource Monitoring: As with Base64, monitor for excessive memory usage.