Message-ID: <SKw_ToHIuGYva1PSf5wyhtjsAF3lJsdULyyEJXoci7eNUXAHVfX9xfir2ESPsbFoSHSW5muf3n20U1ny-TnWmhrbHo8-6yy-1Qi7wVc17Ko=@protonmail.ch>
Date: Tue, 24 Jun 2025 16:04:56 +0000
From: Brian Carpenter via Fulldisclosure <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title> Tag

Hey list,

You can remotely crash httpx v1.7.0 (by ProjectDiscovery) by serving a malformed <title> tag on your website. The bug is a classic out-of-bounds read in trimTitleTags() due to a missing bounds check when slicing the title string. It panics with:

    panic: runtime error: slice bounds out of range [9:6]

Affects anyone using httpx in their automated scanning pipeline. One malformed HTML response = scanner down.

Unit testing or fuzzing this function would’ve caught it in 5 minutes. But it’s “just a bug.” 😂

💥 Trigger input:

    <title</></title>0

📍 Vulnerable code:

    func trimTitleTags(title string) string {
        titleBegin := strings.Index(title, ">")
        titleEnd := strings.Index(title, "</")
        if titleEnd < 0 || titleBegin < 0 {
            return title
        }
        return title[titleBegin+1 : titleEnd] // ← PANIC here
    }

✅ Fix: https://github.com/projectdiscovery/httpx/pull/2198

📂 PoC + context: https://github.com/projectdiscovery/httpx/issues/2197

Crash scanners. Create blind spots. Chain with HTML injection. Happy hunting.

Stay glitchy,
—geeknik

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/