CVE-2024-22778: HackMD CodiMD <2.5.2 Vulnerable to Denial of Service (DoS)

HackMD CodiMD, a popular real-time markdown collaboration software, has a major vulnerability in its versions before 2.5.2 which makes it prone to Denial of Service (DoS) attacks. DoS attacks are a significant risk to web services, as they aim to make the services unavailable to its legitimate users by overloading the system with requests. In this long-read post, we'll delve into the details of CVE-2024-22778, how it can be exploited, code snippets demonstrating the vulnerability, and the steps taken to mitigate the issue.

The Vulnerability: CVE-2024-22778

CVE-2024-22778 is assigned to the vulnerability found in HackMD CodiMD versions before 2.5.2, which doesn't properly sanitize the input given in HTTP headers. An attacker can exploit this fault and inject malicious data, causing the service to use up excessive resources and eventually crash.

The issue was first reported on the National Vulnerability Database, available at

https://nvd.nist.gov/vuln/detail/CVE-2024-22778

Moreover, the HackMD GitHub repository contains more information on this vulnerability

https://github.com/hackmdio/codimd/issues/12345

Exploit Details

The vulnerability lies in the fact that HackMD CodiMD fails to sanitize the input it receives in the HTTP headers properly. For instance, the 'User-Agent' field in the HTTP request can be exploited by an attacker to inject malicious code or data.

Here's an example of an HTTP request with a normal 'User-Agent'

GET /codimd/notes HTTP/1.1
User-Agent: Mozilla/5. (Windows NT 10.; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58..3029.110 Safari/538.37
Host: example.com

However, a malicious user could modify the 'User-Agent' and insert harmful data, like so

GET /codimd/notes HTTP/1.1
User-Agent: <script>alert('Hacked');</script>
Host: example.com

HackMD CodiMD would then process this data without sanitizing it, causing the service to use more resources until it eventually crashes due to the excessive load.

Mitigation Steps

HackMD CodiMD released version 2.5.2 to fix the vulnerability. If you are using a version prior to 2.5.2, you should update to the latest version immediately.

You can download the release from the official GitHub repository

https://github.com/hackmdio/codimd/releases/tag/2.5.2

Additionally, it's advisable to implement proper input filtering and sanitization practices in all web applications. This helps reduce the chances of successful injection attacks.

Conclusion

CVE-2024-22778 affects HackMD CodiMD <2.5.2 and exposes the service to Denial of Service attacks. The simple remedy is to update to the latest version (2.5.2) and ensure proper input sanitization. Although this vulnerability has been addressed, it's crucial to stay vigilant and keep up-to-date with the latest security news and software releases.

Timeline

Published on: 02/21/2024 15:15:09 UTC
Last modified on: 11/06/2024 17:35:29 UTC