Vulnerability Information
Vulnerability Title
ewe: Loop with Unreachable Exit Condition ('Infinite Loop')
Vulnerability Description
ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handle_trailers function where rejected trailer headers (forbidden or undeclared) cause an infinite loop. When handle_trailers encounters such a trailer, three code paths (lines 520, 523, 526) recurse with the original buffer (rest) instead of advancing past the rejected header (Buffer(header_rest, 0)), causing decoder.decode_packet to re-parse the same header on every iteration. The resulting loop has no timeout or escape — the BEAM process permanently wedges at 100% CPU. Any application that calls ewe.read_body on chunked requests is affected, and this is exploitable by any unauthenticated remote client before control returns to application code, making an application-level workaround impossible. This issue is fixed in version 3.0.5.
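The non-advancing recursion described above, as an added Python model (not ewe's Gleam source and not code from this entry). It borrows the names `rest` and `header_rest` from the description; the `FORBIDDEN` set, the `advance_on_reject` switch and the `NoProgress` guard are assumptions made for illustration, the guard being a progress invariant that turns the hang into a detectable error.

```python
# Simplified model of a trailer-section loop; not ewe's source code.
FORBIDDEN = {b"content-length", b"transfer-encoding", b"host"}  # assumed sample set

class NoProgress(Exception):
    """A parse step returned without consuming any input."""

def decode_header(buf):
    """Split one 'name: value' line off buf; return (name, value, header_rest)."""
    line, sep, header_rest = buf.partition(b"\r\n")
    if not sep:
        raise ValueError("incomplete trailer section")
    if not line:
        return None, None, header_rest  # blank line ends the trailers
    name, _, value = line.partition(b":")
    return name.strip().lower(), value.strip(), header_rest

def handle_trailers(rest, declared, advance_on_reject=True):
    """Collect declared, permitted trailers from rest.

    advance_on_reject=False models the flaw: a rejected header is retried
    against the same buffer instead of header_rest.
    """
    accepted = {}
    while True:
        name, value, header_rest = decode_header(rest)
        if name is None:
            return accepted
        if name in FORBIDDEN or name not in declared:
            next_buf = header_rest if advance_on_reject else rest
        else:
            accepted[name] = value
            next_buf = header_rest
        # Progress invariant: every iteration must shrink the buffer.
        # Without this guard the flawed variant would spin forever.
        if len(next_buf) >= len(rest):
            raise NoProgress(f"no bytes consumed at header {name!r}")
        rest = next_buf

# Constructed sample: one declared trailer, one forbidden, one undeclared.
SAMPLE = b"x-checksum: abc\r\ncontent-length: 5\r\nx-other: 1\r\n\r\n"
DECLARED = {b"x-checksum"}
```

With `advance_on_reject=False` the guard fires on the first rejected header, which is the point at which the unguarded loop would stop making progress.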
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Invalid pointer dereference
Vulnerability Title
ewe security vulnerability
Vulnerability Description
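ewe is a lightweight web server package developed by the individual developer Vladislav Shakitskiy. ewe 3.0.4 and earlier versions contain a security vulnerability that stems from an infinite loop in the handle_trailers function, which may lead to denial of service.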
CVSS Information
N/A
Vulnerability Type
N/A