CVE-2022-3364

Name of the Vulnerable Software and Affected Versions rdiffweb versions prior to 2.5.0a3

Description The issue is related to the allocation of resources without limits or throttling, allowing users to insert an email longer than 255 characters. If a user signs up with an excessively long email and performs certain actions like logging in, withdrawing, or changing their email, the server may experience a denial of service due to overload.

Recommendations For versions prior to 2.5.0a3, update to version 2.5.0a3 or later to resolve the issue. As a temporary workaround, consider restricting the length of email addresses that can be used for sign-up to prevent potential denial of service attacks.