CVE-2022-41968

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 23.0.10 Nextcloud Server versions prior to 24.0.5

Description The issue arises from the lack of validation of calendar name lengths before they are written to a database. This allows an attacker to send excessive amounts of data to the database.

Recommendations For versions prior to 23.0.10, update to version 23.0.10 to resolve the issue. For versions prior to 24.0.5, update to version 24.0.5 to resolve the issue.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-1284

Related Identifiers

ALT-PU-2022-2949

ALT-PU-2023-1056

CVE-2022-41968

GHSA-M92J-XXC8-HQ3V

Affected Products

Alt Linux

Nextcloud Server

CVE-2022-41968

Weakness Enumeration

Related Identifiers

Affected Products

References · 8