Node.js zlib Module DoS
zlib is a lossless compression library which is natively supported by Node.js. It can be called inside the code via a wrapper module:
const binding = process.binding('zlib');
The windowBit value in the zlib library could be assigned by a client request by sending the "server_max_window_bits=X" and "client_max_window_bits=X" values in the "Sec-WebSocket-Extensions" header.
Below is the logic of error exception handling in zlib. When the windowBit value is set to 8, it won't fall into any of the conditions of throwing an Z_STREAM_ERROR and leads to an unhandled exception.
In order to exploit this DoS vulnerability, an attack could simply send a HTTP request and set the windowBit to 8:
SonicWall Capture Labs Threat Research team has developed the following signature to identify and stop the attacks:
- IPS 13169: Node.js zlib Module DoS
- WAF 1674: Node.js zlib Module DoS