PT-2022-28068 · Unknown · Drachtio-Server
Asarubboo
·
Published
2022-12-18
·
Updated
2022-12-22
·
CVE-2022-47515
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
drachtio-server versions prior to 0.8.20
Description
An issue in drachtio-server allows remote attackers to cause a denial of service, resulting in a daemon crash. This is achieved by sending a long message in a TCP request, which leads to a std::length error.
Recommendations
For versions prior to 0.8.20, update to version 0.8.20 or later to resolve the issue. As a temporary workaround, consider restricting the length of messages in TCP requests to prevent the daemon crash.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Drachtio-Server