DoS Vulnerability in shell

Description

To whom it may concern,

I have encountered what I believe to be a denial of service vulnerability in Zephyr OS v1.13.0 that causes the OS to crash. Testing was done on the echo_server sample app running in qemu_x86. Introducing two large buffers of any character to the shell environment back to back and attempting to load the most previous buffer by pressing the up arrow key in the shell causes the OS to crash.

Steps to Reproduce:
1. Launch Zephyr OS in QEMU.
2. Enter 150 "A"s into the terminal. Press Enter.
3. Enter 234 "A"s into the terminal. Press Enter.
4. Press up arrow twice on keyboard to load previous entered commands.
5. OS crashes.

Please find attached a screen recording (MP4) of the crash condition. Feel free to reach out with any further questions.

Thanks,
dubfr33

=======================================================================
Follow up note:

The vulnerability mentioned below can be triggered by entering the "history" command in the shell after introducing the two large buffers as well. The steps to reproduce are as follows:

1. Launch Zephyr OS in QEMU.
2. Enter 150 "A"s into the terminal. Press Enter.
3. Enter 234 "A"s into the terminal. Press Enter.
4. Issue the "history" command in the shell environment.
5. OS crashes.

This enables the vulnerability to be exploited remotely on Zephyr OS hosts with telnet enabled.

Thanks,
dubfr33

Environment

None

Assignee

Paul Sokolovskyy

Reporter

dubfr33

Labels

None

Authorized viewers

None

CVE

CVE-2017-14201

Embargo Lift

None

Fix versions

Affects versions

Priority

Medium
Configure