Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title> Tag
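ProjectDiscovery's httpx v1.7.0 has a remote DoS vulnerability: a server can crash the tool by returning a malformed <title> tag. The problem stems from a missing bounds check in the trimTitleTags function, which leads to an out-of-range slice. The vulnerability affects automated scanning tools, and a fix has been submitted.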
2025-6-26 04:37:53
Author: seclists.org (view original)
From: Brian Carpenter via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 24 Jun 2025 16:04:56 +0000
Hey list,
You can remotely crash httpx v1.7.0 (by ProjectDiscovery) by serving a malformed <title> tag on your website. The bug
is a classic out-of-bounds read in trimTitleTags() due to a missing bounds check when slicing the title string. It
panics with:
panic: runtime error: slice bounds out of range [9:6]
Affects anyone using httpx in their automated scanning pipeline. One malformed HTML response = scanner down. Unit
testing or fuzzing this function would’ve caught it in 5 minutes. But it’s “just a bug.” 😂
💥 Trigger input:
<title</></title>0
📍 Vulnerable code:
func trimTitleTags(title string) string {
	titleBegin := strings.Index(title, ">")
	titleEnd := strings.Index(title, "</")
	if titleEnd < 0 || titleBegin < 0 {
		return title
	}
	return title[titleBegin+1 : titleEnd] // ← PANIC here
}
✅ Fix:
https://github.com/projectdiscovery/httpx/pull/2198
📂 PoC + context:
https://github.com/projectdiscovery/httpx/issues/2197
Crash scanners. Create blind spots. Chain with HTML injection. Happy hunting.
Stay glitchy,
—geeknik
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
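
Added example, not part of the original post and not the code from the linked pull request: the function quoted in the post next to a bounds-safe variant that searches for "</" only after the first ">", run over the post's trigger input and a few constructed samples. The names trimTitleTagsChecked and panics are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// trimTitleTagsVulnerable is the function as quoted in the post.
func trimTitleTagsVulnerable(title string) string {
	titleBegin := strings.Index(title, ">")
	titleEnd := strings.Index(title, "</")
	if titleEnd < 0 || titleBegin < 0 {
		return title
	}
	return title[titleBegin+1 : titleEnd] // panics when "</" precedes ">"
}

// trimTitleTagsChecked (hypothetical name) looks for "</" only in the text
// after the first ">", so the end offset can never precede the start.
func trimTitleTagsChecked(title string) string {
	begin := strings.Index(title, ">")
	if begin < 0 {
		return title
	}
	rest := title[begin+1:]
	end := strings.Index(rest, "</")
	if end < 0 {
		return title
	}
	return rest[:end]
}

// panics (hypothetical helper) reports whether f(in) panics, without
// taking the caller down with it.
func panics(f func(string) string, in string) (p bool) {
	defer func() { p = recover() != nil }()
	f(in)
	return false
}

func main() {
	// First input is the post's trigger; the others are constructed samples.
	for _, in := range []string{"<title</></title>0", "<title>Hello</title>", "</title>", "no tags"} {
		fmt.Printf("%-22q vulnerable panics=%-5v checked=%q\n",
			in, panics(trimTitleTagsVulnerable, in), trimTitleTagsChecked(in))
	}
}
```

For the trigger input the first ">" is at offset 8 and the first "</" at offset 6, which yields the [9:6] slice from the panic message; the checked variant returns an empty title for it.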
Source: https://seclists.org/fulldisclosure/2025/Jun/26