PT-2022-21619 · Rdiffweb · Rdiffweb

Ikus060 · Published 2022-09-26 · Updated 2022-09-28 · CVE-2022-3298

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.8

Description: The vulnerability is an allocation of resources without limits or throttling that can be used for a denial of service (DoS). The "title" field submitted when adding an SSH key has no length limit, so a request carrying an arbitrarily long title drives up the server's memory consumption. The vendor lists no workaround for affected versions.

Recommendations: Update to version 2.4.8 or later. If the update cannot be applied immediately, enforce a length limit on the title field, and a cap on the size of the whole form body, in front of the application (for example at a reverse proxy), since the application itself imposes no such limit before 2.4.8.
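The resource-exhaustion pattern described above, and the length check the recommendation calls for, as an added Python example (illustrative code, not rdiffweb's own; the handler layout, the field names, `MAX_TITLE_LEN` and `MAX_FORM_BODY` are assumptions chosen for the example):

```python
# Added example: an "add SSH key" form handler with and without a bound on the title.
# Illustrative code, not rdiffweb's own; names, limits and the form layout are assumptions.
import io
from urllib.parse import parse_qs

MAX_TITLE_LEN = 256           # assumed limit for the SSH key title
MAX_FORM_BODY = 64 * 1024     # assumed cap on the whole POST body, in bytes


class FormTooLarge(ValueError):
    """POST body exceeds MAX_FORM_BODY; rejected before it is fully buffered."""


class TitleTooLong(ValueError):
    """Title field exceeds MAX_TITLE_LEN."""


def add_ssh_key_unbounded(keys, title, key):
    """Vulnerable shape: whatever arrives is stored, so memory grows with the request."""
    keys.append({"title": title, "key": key})
    return len(keys)


def add_ssh_key_bounded(keys, title, key):
    """Hardened shape: reject an oversized title before keeping anything."""
    if len(title) > MAX_TITLE_LEN:
        raise TitleTooLong(f"title is {len(title)} chars, limit is {MAX_TITLE_LEN}")
    keys.append({"title": title, "key": key})
    return len(keys)


def read_form_body(stream, limit=MAX_FORM_BODY):
    """Read at most `limit` bytes; fail fast instead of buffering an arbitrarily large body."""
    data = stream.read(limit + 1)
    if len(data) > limit:
        raise FormTooLarge(f"body exceeds {limit} bytes")
    return data


def handle_add_key(stream, keys):
    """Simulated POST handler: cap the body, parse the form, then validate fields.

    Returns (http_status, message) so the outcome can be checked by a caller.
    """
    try:
        body = read_form_body(stream)
    except FormTooLarge as exc:
        return 413, str(exc)
    fields = parse_qs(body.decode("utf-8", errors="replace"), keep_blank_values=True)
    title = fields.get("title", [""])[0]
    key = fields.get("key", [""])[0]
    try:
        add_ssh_key_bounded(keys, title, key)
    except TitleTooLong as exc:
        return 400, str(exc)
    return 200, "key added"


def demo():
    """Run three constructed requests through the hardened handler."""
    keys = []
    # Constructed normal request.
    ok = handle_add_key(io.BytesIO(b"title=laptop&key=ssh-ed25519+AAAA"), keys)
    # Constructed oversized title: ten times the limit, rejected at field validation.
    big = b"title=" + b"A" * (10 * MAX_TITLE_LEN) + b"&key=ssh-ed25519+AAAA"
    too_long = handle_add_key(io.BytesIO(big), keys)
    # Constructed huge body: refused before it is buffered in full.
    huge = io.BytesIO(b"title=" + b"A" * (2 * MAX_FORM_BODY))
    too_big = handle_add_key(huge, keys)
    return ok, too_long, too_big, len(keys)


if __name__ == "__main__":
    print(demo())
```

The two limits do different jobs: the body cap in `read_form_body` bounds how much the server allocates per request before parsing, while the field check in `add_ssh_key_bounded` bounds what is kept afterwards. The unbounded variant is kept only to show the vulnerable shape; `parse_qs` also accepts a `max_num_fields` argument, which applies the same idea to the number of fields rather than their length.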


Weakness Enumeration

Allocation of Resources Without Limits or Throttling (CWE-770)

Related Identifiers

CVE-2022-3298
GHSA-XHW9-4WQQ-X67V
PYSEC-2022-294

Affected Products

Rdiffweb