PT-2022-24916 · Nextcloud+1 · Nextcloud Server+1

Errorsec

Published

2022-08-26

Updated

2023-04-03

CVE-2022-39346

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 22.2.10 Nextcloud Server versions prior to 23.0.7 Nextcloud Server versions prior to 24.0.3

Description The Nextcloud server is an open source personal cloud server. Affected versions of the Nextcloud server did not properly limit user display names, which could allow malicious users to overload the backing database and cause a denial of service.

Recommendations For versions prior to 22.2.10, upgrade to 22.2.10. For versions prior to 23.0.7, upgrade to 23.0.7. For versions prior to 24.0.3, upgrade to 24.0.3.

Exploit

Fix

DoS

Resource Exhaustion

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-20

Related Identifiers

ALT-PU-2022-2504

ALT-PU-2022-2555

CVE-2022-39346

GHSA-6W9F-JGJX-4VJ6

OPENSUSE-SU-2023:0083-1

Affected Products

Alt Linux

Nextcloud Server

PT-2022-24916 · Nextcloud+1 · Nextcloud Server+1

CVE-2022-39346

Weakness Enumeration

Related Identifiers

Affected Products

References · 21