=== What is the potential impact?

An attacker with the capability to insert an arbitrary duration into a thread
suspension operation could suspend the corresponding thread for a long time.
Depending on the application's architecture and the thread handling logic, this
can lead to a complete Denial of Service of the application.

Indeed, if the number of threads, either created by the application or allocated
by a web server, is limited, the attacker will be able to suspend all of them at
the same time. Without any remaining thread to handle actions, the application
might respond incorrectly, slow down, or become completely unresponsive.
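
The impact described above, as an added example that is not part of the original rule text: a fixed-size worker pool whose handler sleeps for a caller-supplied duration, next to a variant that validates and caps the value. `POOL_SIZE`, `MAX_DELAY_S`, the handler names and the request values are assumptions made for the illustration.

```python
import math
import time
from concurrent.futures import ThreadPoolExecutor

POOL_SIZE = 2        # assumed worker limit, standing in for a web server's thread pool
MAX_DELAY_S = 0.05   # assumed longest suspension the application accepts

def bounded_delay(raw, limit=MAX_DELAY_S):
    """Parse an untrusted duration, reject junk, and clamp it to [0, limit]."""
    try:
        value = float(raw)
    except (TypeError, ValueError):
        raise ValueError("delay must be a number")
    if math.isnan(value) or value < 0:
        raise ValueError("delay must be a non-negative number")
    return min(value, limit)  # also caps float("inf")

def handle_unbounded(raw_delay):
    # Suspension time is taken as-is from the request.
    time.sleep(float(raw_delay))
    return "done"

def handle_bounded(raw_delay):
    # Suspension time is validated and capped server-side.
    time.sleep(bounded_delay(raw_delay))
    return "done"

def legit_latency(handler, long_delay="0.5"):
    """Occupy every worker with a long-delay request (constructed input),
    then measure how long an ordinary zero-delay request waits."""
    with ThreadPoolExecutor(max_workers=POOL_SIZE) as pool:
        for _ in range(POOL_SIZE):
            pool.submit(handler, long_delay)
        start = time.monotonic()
        pool.submit(handler, "0").result()  # queued until a worker is free
        return time.monotonic() - start

if __name__ == "__main__":
    print(f"unbounded: ordinary request waited {legit_latency(handle_unbounded):.2f}s")
    print(f"bounded:   ordinary request waited {legit_latency(handle_bounded):.2f}s")
```

The cap bounds how long any single request can hold a worker; it does not replace limits on how many such requests one client may issue.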