Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

runtime error: slice bounds out of range #3347

Closed
AM8bit opened this issue Feb 20, 2023 · 1 comment · Fixed by projectdiscovery/utils#109
Closed

runtime error: slice bounds out of range #3347

AM8bit opened this issue Feb 20, 2023 · 1 comment · Fixed by projectdiscovery/utils#109
Assignees
@Mzack9999
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
nuclei v2.9.1

Comments

@AM8bit
Copy link

AM8bit commented Feb 20, 2023
edited by tarunKoyalwar
Loading

Nuclei version:
[INF] Using Nuclei Engine 2.8.9 (latest)
[INF] Using Nuclei Templates 9.3.7 (latest)

Current Behavior:

panic: runtime error: slice bounds out of range [17720:0]

goroutine 21525684 [running]:
bytes.(*Buffer).grow(0xc02e4a2ba0, 0x58fa8)
        /usr/local/go/src/bytes/buffer.go:142 +0x1f5
bytes.(*Buffer).Write(0xc02e4a2ba0, {0xc0116a2000, 0x58fa8, 0xc0116a2001?})
        /usr/local/go/src/bytes/buffer.go:170 +0x66
bytes.(*Buffer).WriteTo(0xc02e4a2bd0, {0x295c6c0?, 0xc02e4a2ba0?})
        /usr/local/go/src/bytes/buffer.go:252 +0x83
io.copyBuffer({0x295c6c0, 0xc02e4a2ba0}, {0x295c6a0, 0xc02e4a2bd0}, {0x0, 0x0, 0x0})
        /usr/local/go/src/io/io.go:409 +0x16e
io.Copy(...)
        /usr/local/go/src/io/io.go:386
github.com/projectdiscovery/utils/reader.ReusableReadCloser.reset({{0x29611a0?, 0xc02e2a7680?}, 0xc02e4a2ba0?, 0xc02e4a2bd0?})
        /home/op/go/pkg/mod/github.com/projectdiscovery/[email protected]/reader/reusable_read_closer.go:89 +0x46
github.com/projectdiscovery/utils/reader.ReusableReadCloser.Read({{0x29611a0?, 0xc02e2a7680?}, 0xc02e4a2ba0?, 0xc02e4a2bd0?}, {0xc00c46a000?, 0xc013fb3b10?, 0xc015598e10?})
        /home/op/go/pkg/mod/github.com/projectdiscovery/[email protected]/reader/reusable_read_closer.go:83 +0xb8
io.discard.ReadFrom({}, {0x2960200, 0xc02e2a76a0})
        /usr/local/go/src/io/io.go:611 +0x72
io.copyBuffer({0x29639c0, 0x39572e0}, {0x2960200, 0xc02e2a76a0}, {0x0, 0x0, 0x0})
        /usr/local/go/src/io/io.go:413 +0x14b
io.Copy(...)
        /usr/local/go/src/io/io.go:386
net/http.(*transferWriter).doBodyCopy(0xc00345d860, {0x29639c0?, 0x39572e0?}, {0x2960200?, 0xc02e2a76a0?})
        /usr/local/go/src/net/http/transfer.go:412 +0x4d
net/http.(*transferWriter).writeBody(0xc00345d860, {0x295c660, 0xc001ef9200})
        /usr/local/go/src/net/http/transfer.go:375 +0x418
net/http.(*Request).write(0xc017058c00, {0x295c660, 0xc001ef9200}, 0x0, 0x0, 0x0)
        /usr/local/go/src/net/http/request.go:701 +0xb46
net/http.(*persistConn).writeLoop(0xc01087a480)
        /usr/local/go/src/net/http/transport.go:2395 +0x174
created by net/http.(*Transport).dialConn
        /usr/local/go/src/net/http/transport.go:1752 +0x1791

Steps To Reproduce:

cat targets.txt  | nuclei -silent -s high,critical -rate-limit 1000 -o result.log -timeout 10 -etags xss,takeover -tags rce,joomla,injection,sqli,tomcat,phpmyadmin,fileupload -et cves/2020/CVE-2020-35489.yaml,cves/2021/CVE-2021-24917.yaml,cves/2021/CVE-2021-24340.yaml,vulnerabilities/magento/magento-cacheleak.yaml,cves/2021/CVE-2021-27905.yaml
@AM8bit AM8bit added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Feb 20, 2023
@AM8bit
Copy link
Author

AM8bit commented Feb 21, 2023

I found that the "-rate-Limit 1000" parameter will have abnormalities when scanning a lot of tasks, which is just my guess. Targets.txt tasks are about 30,000 lines.

@Mzack9999 Mzack9999 self-assigned this Mar 20, 2023
@Mzack9999 Mzack9999 mentioned this issue Mar 20, 2023
Merged
@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Mar 21, 2023
@ehsandeep ehsandeep added this to the nuclei v2.9.1 milestone Mar 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
nuclei v2.9.1
Development

Successfully merging a pull request may close this issue.

Guard against concurrent reset projectdiscovery/utils
3 participants
@ehsandeep @Mzack9999 @AM8bit