8.2 HIGH
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): Present (P)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): Present (P)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decode_headers/5 and Mint.HTTP1.decode_trailer_headers/4 functions in lib/mint/http1.ex accumulate every parsed response header and chunked-trailer field into a per-request list that persists across incoming TCP segments as request.headers_buffer, and only clear it when the terminating blank line is received. The section has no cap on the number of headers or on total bytes, and the underlying :erlang.decode_packet(:httph_bin, binary, []) parser is invoked with an empty option list so its per-line and per-packet size limits also default to unlimited. A malicious HTTP server (reachable directly, via an attacker-controlled redirect, via SSRF, or via a man-in-the-middle) can stream complete header lines (or, after a chunked body, complete trailer lines) indefinitely without ever emitting the terminating blank line. The connection state grows without bound until the BEAM node is killed by the operating system's out-of-memory handler, taking down the entire application that uses Mint as an HTTP client. This issue affects mint: from 0.1.0 before 1.9.2.
References
-
https://github.com/elixir-mint/mint/security/advisories/GHSA-qrfr-wh4c-3qhw relatedvendor-advisoryexploit
Affected products
- <1.9.2
- <566d702e6f29105f77522ca7aabb9f64f2f4e333
Matching in nixpkgs
pkgs.mint
Refreshing language for the front-end web
pkgs.mintotp
Minimal TOTP generator
pkgs.fedimint
Federated E-Cash Mint
pkgs.tendermint
Byzantine-Fault Tolerant State Machines. Or Blockchain, for short
pkgs.garmintools
Provides the ability to communicate with the Garmin Forerunner 305 via the USB interface
pkgs.latexminted
Python executable for LaTeX minted package
pkgs.mint-themes
Mint-X and Mint-Y themes for the cinnamon desktop
pkgs.mint-artwork
Artwork for the cinnamon desktop
pkgs.mint-l-theme
Mint-L theme for the Cinnamon desktop
pkgs.marwaita-mint
Variation for marwaita GTK theme based on linux mint color scheme
pkgs.mint-cursor-themes
Linux Mint cursor themes
pkgs.haskellPackages.mintty
A reliable way to detect the presence of a MinTTY console on Windows
pkgs.octavePackages.optiminterp
Optimal interpolation toolbox for octave
-
nixos-unstable 11.3.0-optiminterp-0.3.7
- nixpkgs-unstable 11.3.0-optiminterp-0.3.7
- nixos-unstable-small 11.3.0-optiminterp-0.3.7
-
nixos-26.05 11.1.0-optiminterp-0.3.7
- nixos-26.05-small 11.1.0-optiminterp-0.3.7
- nixpkgs-26.05-darwin 11.1.0-optiminterp-0.3.7
Package maintainers
-
@dpc Dawid Ciężarkiewicz <dpc@dpc.pw>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>
-
@provokateurin Kate Döen
-
@ravenjoad Raven Hallsby <raven@hallsby.com>
-
@alexfmpe Alexandre Esteves <alexfmpe@proton.me>