PT-2023-13724 · Wire · Wire

Published: 2023-01-27 · Updated: 2023-02-07 · CVE-2022-39380

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Wire web-app versions prior to 2022-11-02

Description

The issue is related to Improper Handling of Exceptional Conditions in the Wire web-app. Certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation, making it impossible to display the affected chat history. Other conversations are not affected. The error occurs when the client retrieves messages from the conversation history and the malformed message is part of the result.

Recommendations

For on-premise instances of wire-webapp, update to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0) to resolve the issue. As a temporary workaround, use an iOS or Android client and delete the corresponding message from the history, or write 30 or more messages into the affected conversation so that the client no longer renders the corresponding message.
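
The defensive pattern for this weakness class, as an added example (not Wire's code and not the vendor's fix): each message is converted in isolation, so a converter exception degrades one message to escaped plain text instead of aborting the whole history view. `toyMarkdownToHtml`, `renderHistory`, `renderHistoryUnguarded` and the sample messages are constructed for illustration; the unbalanced-marker error is a stand-in, not the actual trigger.

```javascript
// Constructed stand-in for a Markdown-to-HTML converter (hypothetical, not Wire's).
// It throws on an odd number of "**" markers to simulate an unhandled conversion error.
function toyMarkdownToHtml(text) {
  const markers = (text.match(/\*\*/g) || []).length;
  if (markers % 2 !== 0) {
    throw new Error('unbalanced emphasis marker');
  }
  return escapeHtml(text).replace(/\*\*(.+?)\*\*/g, '<strong>$1</strong>');
}

// Escape HTML metacharacters so the plain-text fallback is safe to insert.
function escapeHtml(text) {
  const map = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'};
  return text.replace(/[&<>"']/g, ch => map[ch]);
}

// Failure mode from the description: one throw discards every message in the batch.
function renderHistoryUnguarded(messages, convert = toyMarkdownToHtml) {
  return messages.map(msg => ({id: msg.id, html: convert(msg.text)}));
}

// Guarded version: the exception is handled per message, the rest still render,
// and the failure is recorded so it can be logged or reported.
function renderHistory(messages, convert = toyMarkdownToHtml) {
  return messages.map(msg => {
    try {
      return {id: msg.id, html: convert(msg.text), degraded: false};
    } catch (err) {
      return {id: msg.id, html: escapeHtml(msg.text), degraded: true, error: err.message};
    }
  });
}

// Constructed sample history; message 2 triggers the toy converter's error.
const sampleHistory = [
  {id: 1, text: 'hello **team**'},
  {id: 2, text: 'broken **markup <b>'},
  {id: 3, text: 'see you at 10'},
];
```
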

Exploit

Fix

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

CVE-2022-39380
GHSA-V5MF-358Q-W7M4

Affected Products

Wire