Buffer Overflow and Insufficient Session Expiration #218

Open

Description

sonatype-2023-1010: The github.com/microsoft/go-mssqldb package is vulnerable to Buffer Overflow attacks. The readPLPType() function in the types.go file uses the size defined by an RPC message for the read buffer instead of a fixed buffer size when handling PLP types. An attacker can exploit this behavior by supplying a specially-crafted message that would cause a large memory allocation leading to memory corruption, an application crash or other unexpected behavior.

sonatype-2021-4899: The gorilla/sessions package is vulnerable due to Insufficient Session Expiration. The library allows for the creation of session cookies with the NewCookieStore() function in store.go. However, there is no mechanism available for invalidating user sessions once they have been created in this way. The documentation instructs users to set the MaxAge attribute of a cookie to -1 using the MaxAge() function in order to invalidate the session associated with it. However, this does not invalidate the user's session on the server. A malicious user who is able to retrieve the value of a user's session cookie through a Cross-Site Scripting (XSS) attack, a Man-in-the-Middle (MitM) attack, or by some other means, will be able to use that session cookie to impersonate the user even after that user has logged out.
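Added example, not part of the original issue and not gorilla/sessions code: a standard-library model of the second finding, where a signed cookie keeps verifying after logout unless the server also tracks revoked session IDs. All names (`sign`, `verifyStateless`, `verifyWithRevocation`, `logout`), the key and the session ID are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
	"sync"
)

var key = []byte("constructed-demo-key") // constructed; load real keys from a secret store
var revoked sync.Map                     // hypothetical server-side denylist of session IDs

// sign builds a cookie value "<id>.<HMAC-SHA256(id)>", a simplified signed-cookie format.
func sign(id string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(id))
	return id + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// verifyStateless models a cookie-only store: a valid MAC is the only condition.
func verifyStateless(cookie string) (string, error) {
	i := strings.LastIndex(cookie, ".")
	if i < 0 || !hmac.Equal([]byte(sign(cookie[:i])), []byte(cookie)) {
		return "", fmt.Errorf("bad signature")
	}
	return cookie[:i], nil
}

// verifyWithRevocation adds the server-side check that the cookie-only model lacks.
func verifyWithRevocation(cookie string) (string, error) {
	id, err := verifyStateless(cookie)
	if _, gone := revoked.Load(id); err == nil && gone {
		return "", fmt.Errorf("session revoked")
	}
	return id, err
}

// logout records the ID on the server; MaxAge -1 only asks the browser to drop its copy.
func logout(id string) { revoked.Store(id, struct{}{}) }

func main() {
	c := sign("sess-1234") // constructed session ID; c stands for a copied cookie value
	logout("sess-1234")
	_, e1 := verifyStateless(c)
	_, e2 := verifyWithRevocation(c)
	fmt.Println("stateless:", e1, "| with revocation:", e2)
}
```

In a real deployment the denylist entries need to live only as long as the session's maximum lifetime, and the store must be shared by every instance that validates cookies.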
