PT-2023-2470 · Nextcloud+2 · Nextcloud Server+2

Nickvergessen

Publicado

2023-01-23

Atualizado

2023-04-18

CVE-2023-28644

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Nextcloud server versions 25.0.0 through 25.0.2

Description The issue is related to an inefficient fetch operation that may impact server performance and/or lead to a denial of service. This can be exploited by a remote attacker to initiate a denial of service attack. The vulnerability is associated with uncontrolled resource consumption.

Recommendations For Nextcloud server versions 25.0.0 through 25.0.2, upgrade to version 25.0.3 to address the issue. There are no known workarounds for this vulnerability.

Exploit

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALT-PU-2023-1116

ALT-PU-2023-1176

BDU:2023-02260

CVE-2023-28644

GHSA-9WMJ-GP8V-477J

Produtos afetados

Alt Linux

Nextcloud Server

Red Os

PT-2023-2470 · Nextcloud+2 · Nextcloud Server+2

CVE-2023-28644

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10