CVE-2022-3272

Name of the Vulnerable Software and Affected Versions rdiffweb versions prior to 2.4.8

Description The issue arises from improper handling of length parameter inconsistency, specifically in the validation of email length. This allows users to insert an email longer than 255 characters. If a user signs up with an excessively long email and performs actions like logging in, withdrawing, or changing their email, it can cause a denial of service due to server overload. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 2.4.8, update to version 2.4.8, which sets length limits for username, email, and root directory to prevent the issue. As a temporary workaround, consider restricting the length of user input for emails to prevent potential denial of service attacks until the update can be applied.