PT-2022-19492 · Nextcloud+1 · Nextcloud Server+1
Demonia · Published 2022-05-31 · Updated 2022-09-27
CVE-2022-29243
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Nextcloud Server versions prior to 22.2.7
Nextcloud Server versions prior to 23.0.4
Description
Nextcloud Server does not validate the input size of new session names, which allows users to create app passwords with long names. These long names are then loaded into memory on usage, which degrades performance.
Recommendations
For Nextcloud Server versions prior to 22.2.7, update to version 22.2.7 or later to resolve the issue.
For Nextcloud Server versions prior to 23.0.4, update to version 23.0.4 or later to resolve the issue.
Exploit
Fix
Resource Exhaustion
RCE
Affected Products
Alt Linux
Nextcloud Server