Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue.
Signal K Server versions prior to 2.19.0 are vulnerable to a Denial of Service (DoS) attack. An unauthenticated attacker can crash the server by flooding the /signalk/v1/access/requests endpoint, leading to a JavaScript heap out of memory error and service unavailability. This vulnerability poses a significant risk to boat owners relying on Signal K for critical navigation and monitoring functions.
Step 1: Target Identification: The attacker identifies a Signal K Server instance running a vulnerable version (prior to 2.19.0). This can be achieved through port scanning or other reconnaissance techniques.
Step 2: Request Generation: The attacker crafts a large number of HTTP requests targeting the /signalk/v1/access/requests endpoint. These requests can be simple, valid HTTP requests, as the vulnerability does not require any specific content.
Step 3: Request Flooding: The attacker sends the crafted requests to the target server at a high rate, overwhelming the server's capacity to process them.
Step 4: Memory Exhaustion: The server, lacking rate limiting or memory management, attempts to store each request object in memory, leading to a rapid increase in memory consumption.
Step 5: Heap Overflow and Crash: The server's memory allocation eventually exceeds the available JavaScript heap space, triggering a 'JavaScript heap out of memory' error. This error causes the Signal K Server process to crash, resulting in a Denial of Service.
The vulnerability stems from a lack of rate limiting and unbounded storage of access request objects within the Signal K Server. Specifically, the server fails to implement any mechanism to limit the number of requests processed or the memory allocated to store them. When an attacker floods the /signalk/v1/access/requests endpoint with a large number of requests, the server attempts to store each request object in memory. This leads to an exponential growth in memory consumption, eventually exhausting the available JavaScript heap space. The 'JavaScript heap out of memory' error is a direct consequence of this unbounded memory allocation, causing the server to crash and become unresponsive. The root cause is a missing input validation and resource management within the access request handling logic.