OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via `io.Copy` with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's configuration can serve a crafted image containing a decompression bomb that decompresses to an arbitrarily large file. The SHA256 integrity check occurs after the full file is written to disk, meaning the hash mismatch is detected only after the damage (disk exhaustion) has already occurred. This allow the attacker to replace **legit plugin image** with no need to change its signature. Version 2.5.3 contains a patch.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

未加控制的资源消耗(资源穷尽)

OpenBao 安全漏洞

OpenBao是OpenBao开源的一个敏感数据管理软件。 OpenBao 2.5.3之前版本存在安全漏洞，该漏洞源于OCI插件下载器中的ExtractPluginFromImage函数在流式解压tar数据时未限制写入字节数，可能导致攻击者通过特制镜像进行解压炸弹攻击，造成磁盘耗尽。

N/A

N/A