rdblue opened a new issue, #16455: URL: https://github.com/apache/iceberg/issues/16455
# Summary

Malformed variant buffers can force large allocations and raw JVM exceptions before structural validation, turning small attacker-controlled payloads into a read-time denial of service path.

# Affected Maven coordinates

* primary shipped client artifact: `org.apache.iceberg:iceberg-api`

# Attacker prerequisites

* Any consumer that parses variant values from untrusted or semi-trusted Iceberg content is exposed.
* The easiest attack is a tiny payload that advertises a very large element count or dictionary size.

# Impact

* A malicious variant payload can force large allocations before the payload is structurally validated.
* The same code path can also fail with raw JVM exceptions such as `NegativeArraySizeException`, `ArrayIndexOutOfBoundsException`, and `IndexOutOfBoundsException` instead of a typed validation failure.
* In a service that reads attacker-controlled tables or records, this is a straightforward availability issue.

# Proof status

Source review only. The issue is visible directly from source.

# Key source references

* org.apache.iceberg.variants.Variant
* org.apache.iceberg.variants.VariantValue
* org.apache.iceberg.variants.SerializedMetadata
* org.apache.iceberg.variants.SerializedArray
* org.apache.iceberg.variants.SerializedObject

Current severity assessment [2]: Important

[1] https://iceberg.apache.org/security/
[2] https://security.apache.org/blog/severityrating/
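
The allocate-before-validate pattern the issue describes, next to a bounded version, as an added Java example that is not part of the original report and is not Iceberg code. The buffer layout, the class `BoundedCountExample`, and `MalformedBufferException` are hypothetical and chosen only for illustration.

```java
import java.nio.ByteBuffer;

// Added illustration. Constructed layout, NOT the Iceberg variant encoding:
// [int32 count][count x int32 offsets][data bytes], in the buffer's byte order.
public class BoundedCountExample {
  static class MalformedBufferException extends RuntimeException { // hypothetical typed failure
    MalformedBufferException(String message) { super(message); }
  }

  // Unchecked shape: the advertised count sizes the array before anything is verified.
  static int[] readOffsetsUnchecked(ByteBuffer buf) {
    int count = buf.getInt();
    int[] offsets = new int[count]; // negative: NegativeArraySizeException; huge: large allocation
    for (int i = 0; i < count; i++) {
      offsets[i] = buf.getInt();    // short buffer: BufferUnderflowException
    }
    return offsets;
  }

  // Checked shape: bound the count by the bytes actually present, then allocate.
  static int[] readOffsetsChecked(ByteBuffer buf) {
    if (buf.remaining() < Integer.BYTES) {
      throw new MalformedBufferException("buffer too short for element count");
    }
    int count = buf.getInt();
    long needed = (long) count * Integer.BYTES; // long math: no int overflow
    if (count < 0 || needed > buf.remaining()) {
      throw new MalformedBufferException("advertised count " + count + " exceeds buffer");
    }
    int dataLength = buf.remaining() - (int) needed; // bytes left after the offset table
    int[] offsets = new int[count];
    for (int i = 0; i < count; i++) {
      offsets[i] = buf.getInt();
      if (offsets[i] < 0 || offsets[i] > dataLength) {
        throw new MalformedBufferException("offset " + offsets[i] + " outside data region");
      }
    }
    return offsets;
  }

  public static void main(String[] args) {
    // Constructed 4-byte payload advertising Integer.MAX_VALUE elements (big-endian).
    ByteBuffer tiny = ByteBuffer.wrap(new byte[] {0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff});
    try {
      readOffsetsChecked(tiny);
    } catch (MalformedBufferException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

The checked reader rejects the 4-byte payload with a typed exception before any array is sized from the advertised count.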
