PT-2022-15040 · Unknown+2 · Onionshare+2
Micahflee
·
Published
2022-01-18
·
Updated
2025-07-08
·
CVE-2022-21689
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OnionShare versions 2.4
Description
The receive mode in OnionShare limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mode can block file upload for others. There is no way to block this attack in public mode due to the anonymity properties of the tor network. A penetration test conducted between September 26, 2021, and October 8, 2021, demonstrated this vulnerability using a script that sent around 6000 requests in parallel, blocking file upload on a public receive instance.
Recommendations
- Remove the limitation of 100 concurrent uploads per second.
- Derive directory name from milliseconds to prevent the creation of more than 100 directories per second. As a temporary workaround, consider restricting access to the receive mode to minimize the risk of exploitation.
Exploit
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Onionshare
Ubuntu