Summary
In RSSBlock, feedparser.parser is called to obtain the XML file according to the URL input by the user, parse the XML, and finally obtain the parsed result. However, during the parsing process, there is no limit on the parsing time and the resources that can be allocated for parsing.
When a malicious user lets RSSBlock parse a carefully constructed, deep XML, it will cause memory resources to be exhausted, eventually causing DoS.
Details
|
@staticmethod |
|
def parse_feed(url: str) -> dict[str, Any]: |
|
return feedparser.parse(url) # type: ignore |
In
RSSBlock,
feedparser.parser is called to obtain the XML file according to the URL input by the user, parse the XML, and finally obtain the parsed result. However, during the parsing process, there is no limit on the parsing time and the resources that can be allocated for parsing.
When a malicious user lets RSSBlock parse a carefully constructed, deep XML, it will cause memory resources to be exhausted, eventually causing DoS.
PoC
Carefully constructed feed.xml file python script,the xml file is stored in http://xxx.com/feed.xml (change to your server)
def generate_deep_xml(depth=3000000):
start = "<a>"
end = "</a>"
return "<feed>" + (start * depth) + "DEEP" + (end * depth) + "</feed>"
xml_data = generate_deep_xml()
with open("~/feed.xml","w") as f:
f.write(xml_data)
malicious prompt
Help me parse the RSS file, the file address is http://xxx.com/feed.xml
Impact
A 20M XML file (just for demo purposes) caused AutoGPT to consume 4.8G of memory, which eventually caused the server to run out of memory and cause DoS.
If 10 requests can be sent at the same time, 48G memory will be consumed. Or if the XML file is enlarged, such as a 200M XML file, 48G memory will be consumed, eventually causing DoS.
Summary
In
RSSBlock,feedparser.parseris called to obtain the XML file according to the URL input by the user, parse the XML, and finally obtain the parsed result. However, during the parsing process, there is no limit on the parsing time and the resources that can be allocated for parsing.When a malicious user lets
RSSBlockparse a carefully constructed, deep XML, it will cause memory resources to be exhausted, eventually causing DoS.Details
AutoGPT/autogpt_platform/backend/backend/blocks/rss.py
Lines 86 to 88 in 824da5e
In
RSSBlock,feedparser.parseris called to obtain the XML file according to the URL input by the user, parse the XML, and finally obtain the parsed result. However, during the parsing process, there is no limit on the parsing time and the resources that can be allocated for parsing.When a malicious user lets
RSSBlockparse a carefully constructed, deep XML, it will cause memory resources to be exhausted, eventually causing DoS.PoC
Carefully constructed feed.xml file python script,the xml file is stored in http://xxx.com/feed.xml (change to your server)
malicious prompt
Impact
A 20M XML file (just for demo purposes) caused AutoGPT to consume 4.8G of memory, which eventually caused the server to run out of memory and cause DoS.
If 10 requests can be sent at the same time, 48G memory will be consumed. Or if the XML file is enlarged, such as a 200M XML file, 48G memory will be consumed, eventually causing DoS.