forked from denisenkom/go-mssqldb
Open
Description
Writing this with reference to #218.
The vulnerability sonatype-2023-1010 is still present.
Vulnerability Description
The github.com/microsoft/go-mssqldb package is vulnerable to Buffer Overflow attacks. The readPLPType() function in the types.go file uses the size defined by an RPC message for the read buffer instead of a fixed buffer size when handling PLP types. An attacker can exploit this behavior by supplying a specially-crafted message that would cause a large memory allocation leading to memory corruption, an application crash or other unexpected behavior.
Recommendation
Use a fixed buffer size when reading variable-length messages.
Check out this:
gravitational#7
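The recommendation above, sketched as an added Go example (not code from go-mssqldb or from the linked fix): a reader that checks the peer-declared size against a cap and moves payload through a fixed buffer instead of allocating what the message claims. The simplified chunk framing and the names `readChunks`, `chunk`, `maxValueSize` and `errTooLarge` are assumptions for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const maxValueSize = 1 << 20 // assumed policy cap for one value (1 MiB)
var errTooLarge = errors.New("declared size exceeds limit")

// readChunks reads [uint32 LE length][payload] chunks until a zero-length chunk.
// The declared length never sizes an allocation: a fixed 4 KiB scratch is used.
func readChunks(r io.Reader, limit int) ([]byte, error) {
	var out bytes.Buffer
	scratch := make([]byte, 4096)
	for {
		var n uint32
		if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
			return nil, err
		}
		if n == 0 {
			return out.Bytes(), nil
		}
		if uint64(n) > uint64(limit-out.Len()) {
			return nil, errTooLarge // reject before reading any payload
		}
		lr := io.LimitReader(r, int64(n))
		for got := 0; got < int(n); {
			k, err := lr.Read(scratch)
			out.Write(scratch[:k])
			got += k
			if err != nil && got < int(n) {
				return nil, io.ErrUnexpectedEOF // stream ended or failed mid-chunk
			}
		}
	}
}

// chunk builds a constructed sample message: declared length, then payload.
func chunk(declared uint32, payload []byte) []byte {
	b := make([]byte, 4, 4+len(payload))
	binary.LittleEndian.PutUint32(b, declared)
	return append(b, payload...)
}

func main() { fmt.Println(readChunks(bytes.NewReader(chunk(0xFFFFFFF0, []byte("abc"))), maxValueSize)) }
```

Memory use here tracks the bytes actually received, so a message that declares a huge size but carries little data is rejected or fails with a short-read error rather than triggering a large allocation.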