PT-2023-19924 · Workerd · Workerd
Ubercomp · Published 2023-05-12 · Updated 2023-05-26 · CVE-2023-2512
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
workerd versions prior to v1.20230419.0
Description
The FormData API implementation in workerd was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements, potentially leading to a segmentation fault or arbitrary undefined behavior. To be exploitable, the process would need to allocate 160GB of RAM, and an attacker would have to upload a single form-encoded HTTP request of at least tens of gigabytes in size. The application code would then have to use request.formData() to parse the request and formData.forEach() to iterate over this data. Due to these limitations, the exploitation likelihood was considered Low.
Recommendations
For versions prior to v1.20230419.0, update to version v1.20230419.0 or later to address the vulnerability. As a temporary workaround, consider restricting the use of the forEach() method on large FormData instances to minimize the risk of exploitation. Avoid using request.formData() to parse large form-encoded HTTP requests until the issue is resolved. Restrict access to deployments of workerd running on machines with a huge amount of memory to minimize the risk of exploitation.
Fix
Integer Overflow
Out of bounds Read
Affected Products
Workerd
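
The temporary workaround from the Recommendations, as an added example (not code from workerd or from this advisory): a guard that refuses oversized or unsized form bodies before request.formData() and forEach() are reached. The 1 MiB limit and the names checkFormRequest, MAX_FORM_BYTES and worker are assumptions, as is that Content-Length reflects the body the runtime delivers.

```javascript
// Added example, not workerd code. MAX_FORM_BYTES is an assumed application
// limit; choose the smallest value your forms actually need.
const MAX_FORM_BYTES = 1024 * 1024; // 1 MiB

const FORM_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data"];

// Decide whether a request may be handed to request.formData().
// `request` only needs headers.get(name), as Fetch API requests provide.
function checkFormRequest(request, maxBytes = MAX_FORM_BYTES) {
  const type = (request.headers.get("content-type") || "").toLowerCase();
  if (!FORM_TYPES.some((t) => type.startsWith(t))) {
    return { ok: false, status: 415, reason: "not a form submission" };
  }
  const raw = request.headers.get("content-length");
  // No usable declared length (for example a chunked upload): refuse rather
  // than parse a body of unknown size.
  if (raw == null || !/^\d+$/.test(raw.trim())) {
    return { ok: false, status: 411, reason: "Content-Length required" };
  }
  // BigInt keeps very long digit strings exact during the comparison.
  if (BigInt(raw.trim()) > BigInt(maxBytes)) {
    return { ok: false, status: 413, reason: "form body too large" };
  }
  return { ok: true, status: 200, reason: "" };
}

// In a Worker module this object would be the default export.
const worker = {
  async fetch(request) {
    const verdict = checkFormRequest(request);
    if (!verdict.ok) {
      return new Response(verdict.reason, { status: verdict.status });
    }
    // The byte cap keeps the entry count far below 2^31 before iteration.
    const form = await request.formData();
    let fields = 0;
    form.forEach(() => { fields += 1; });
    return new Response(`parsed ${fields} fields`);
  },
};
```

This reduces exposure on unpatched builds only; updating to v1.20230419.0 or later remains the fix.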