CVE-2022-2592 Snippet descriptions in GitLab CE/EE prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 have a lack of length validation which can be abused by attackers to create maliciously large Snippets.

We have confirmed this issue was fixed in GitLab EE 15.2.5 and EE 15.3.2. You can upgrade to the latest version by following our upgrade documentation. Snippet creation with invalid length triggers Denial of Service in GitLab. Snippet creation with invalid length triggers Denial of Service in GitLab. An attacker can create a snippet with a length which makes the snippet request larger than the server’s memory, causing the server to terminate with a memory error. An attacker can create a snippet with a length which makes the snippet request larger than the server’s memory, causing the server to terminate with a memory error. An attacker can create a snippet with a length which makes the snippet request larger than the server’s memory, causing the server to terminate with a memory error. An attacker can create a snippet with a length which makes the snippet request larger than the server’s memory, causing the server to terminate with a memory error. An attacker can create a snippet with a length which makes the snippet request larger than the server’s memory, causing the server to terminate with a memory error. An attacker can create a snippet with a length which makes the snippet request larger than the server’s memory, causing the server to terminate with a memory error. An attacker can create a snippet with a length which makes the snippet request larger than the server’s memory, causing the server to terminate with a memory error.

Mitigation

- GitLab EE 15.2.5 and EE 15.3.2
- Upgrade to the latest version of GitLab EE by following our upgrade documentation

Weak passwords and account creation

We have confirmed this issue was fixed in GitLab EE 15.3.2. You can upgrade to the latest version by following our upgrade documentation.

Fix

The issue was fixed in GitLab EE 15.2.5 and EE 15.3.2 by removing the snippet creation function which triggers the Denial of Service condition when creating a snippet with an invalid length or file size.

Timeline

Published on: 10/17/2022 16:15:00 UTC
Last modified on: 10/19/2022 18:02:00 UTC

References