PT-2022-21826 · Rdiffweb · Rdiffweb
Published
2022-09-30
·
Updated
2022-10-04
·
CVE-2022-3371
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
rdiffweb versions prior to 2.5.0a3
Description
The issue is related to the allocation of resources without limits or throttling. A lack of limit in the length of the
Token name parameter can result in denial of service or memory corruption.Recommendations
For versions prior to 2.5.0a3, update to version 2.5.0a3 to resolve the issue. As a temporary workaround, consider restricting the length of the
Token name parameter to prevent potential denial of service or memory corruption.Exploit
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rdiffweb