PT-2022-21604 · Rdiffweb · Rdiffweb

Published: 2022-09-26 · Updated: 2022-09-28 · CVE-2022-3295

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.8

Description: The issue concerns the allocation of resources without limits or throttling, which can lead to a denial-of-service (DoS) attack or memory corruption. Specifically, there is no limit on the length of root directory names, so a user can submit an arbitrarily long string in that field. This can be exploited to cause a DoS attack or memory corruption.

Recommendations: For versions prior to 2.4.8, update to version 2.4.8, which defines field limits for username, email, and root directory to prevent this issue.
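The fix described above is a server-side length bound on the three profile fields. The following is an added example of that kind of check, not Rdiffweb's own code: the numeric limits, the field names and the helper functions are assumptions, since the advisory only states that 2.4.8 defines limits, not what they are. The length check runs on the raw string before any other parsing, so an oversized value is rejected before it costs the application anything.

```python
"""Added example (not Rdiffweb's code): bounded validation of the three
user-profile fields named in the advisory, applied before any further
processing.  All limits and names below are hypothetical."""
import re
from dataclasses import dataclass

# Assumed limits (hypothetical; not taken from the advisory or from rdiffweb).
MAX_USERNAME_LEN = 256
MAX_EMAIL_LEN = 256
MAX_ROOT_DIR_LEN = 1024

_USERNAME_RE = re.compile(r"^[A-Za-z0-9._@-]+$")
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass(frozen=True)
class UserFields:
    """Validated profile fields, only constructed after every check passes."""
    username: str
    email: str
    root_dir: str


def _check_length(field: str, value: str, limit: int) -> list[str]:
    # Length is measured on the raw string, before any regex or path
    # handling, so oversized input is refused before it is processed.
    if len(value) > limit:
        return [f"{field}: {len(value)} characters exceeds limit of {limit}"]
    return []


def validate_user_fields(username: str, email: str, root_dir: str) -> list[str]:
    """Return a list of validation errors; an empty list means all fields pass."""
    errors: list[str] = []
    errors += _check_length("username", username, MAX_USERNAME_LEN)
    errors += _check_length("email", email, MAX_EMAIL_LEN)
    errors += _check_length("root_dir", root_dir, MAX_ROOT_DIR_LEN)
    if errors:
        # Stop here: no content checks are run on oversized input.
        return errors
    if not username or not _USERNAME_RE.match(username):
        errors.append("username: empty or contains disallowed characters")
    if email and not _EMAIL_RE.match(email):
        errors.append("email: not a valid address")
    if not root_dir or any(ord(c) < 0x20 for c in root_dir):
        errors.append("root_dir: empty or contains control characters")
    return errors


def parse_user_fields(username: str, email: str, root_dir: str) -> UserFields:
    """Validate and return the fields, raising ValueError with every problem found."""
    errors = validate_user_fields(username, email, root_dir)
    if errors:
        raise ValueError("; ".join(errors))
    return UserFields(username, email, root_dir)


if __name__ == "__main__":
    # Constructed inputs: a normal profile, then one with an oversized root directory.
    print(validate_user_fields("alice", "alice@example.com", "/backups/alice"))
    print(validate_user_fields("alice", "alice@example.com", "/" + "a" * 5000))
```

The validator returns all problems at once so a form can report them together, while the length bound short-circuits the remaining checks: a regex or path routine should never see a string the limit has already ruled out.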

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers:
CVE-2022-3295
GHSA-HRJ7-F62F-J7X7
PYSEC-2022-293

Affected Products: Rdiffweb