8.7 HIGH
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines 'Elixir.Mint.HTTP1':decode_body/5, 'Elixir.Mint.HTTP1':add_body_to_buffer/2. When Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection's data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client's memory arbitrarily high and trigger an out-of-memory condition. This issue affects mint: from 0.5.0 before 1.9.1.
References
-
https://github.com/elixir-mint/mint/security/advisories/GHSA-c59h-fq4p-r36r relatedexploitvendor-advisory
Affected products
- <1.9.1
- <193ce714907d16e8adc4ab3c40e4f0c2f045b2a6
Matching in nixpkgs
pkgs.mint
Refreshing language for the front-end web
pkgs.mintotp
Minimal TOTP generator
pkgs.fedimint
Federated E-Cash Mint
pkgs.tendermint
Byzantine-Fault Tolerant State Machines. Or Blockchain, for short
pkgs.garmintools
Provides the ability to communicate with the Garmin Forerunner 305 via the USB interface
pkgs.latexminted
Python executable for LaTeX minted package
pkgs.mint-themes
Mint-X and Mint-Y themes for the cinnamon desktop
pkgs.mint-artwork
Artwork for the cinnamon desktop
pkgs.mint-l-theme
Mint-L theme for the Cinnamon desktop
pkgs.marwaita-mint
Variation for marwaita GTK theme based on linux mint color scheme
pkgs.mint-cursor-themes
Linux Mint cursor themes
pkgs.haskellPackages.mintty
A reliable way to detect the presence of a MinTTY console on Windows
pkgs.octavePackages.optiminterp
Optimal interpolation toolbox for octave
-
nixos-unstable 11.3.0-optiminterp-0.3.7
- nixpkgs-unstable 11.3.0-optiminterp-0.3.7
- nixos-unstable-small 11.3.0-optiminterp-0.3.7
-
nixos-26.05 11.1.0-optiminterp-0.3.7
- nixos-26.05-small 11.1.0-optiminterp-0.3.7
- nixpkgs-26.05-darwin 11.1.0-optiminterp-0.3.7
Package maintainers
-
@dpc Dawid Ciężarkiewicz <dpc@dpc.pw>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@provokateurin Kate Döen
-
@ravenjoad Raven Hallsby <raven@hallsby.com>
-
@alexfmpe Alexandre Esteves <alexfmpe@proton.me>