PT-2023-2378 · Nextcloud+2

Aditya404 · Published 2023-01-23 · Updated 2023-04-13 · CVE-2023-25816

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Nextcloud versions 25.0.0 through 25.0.2

Description

The issue is an Uncontrolled Resource Consumption weakness in Nextcloud, an open-source private cloud software. A user can configure a very long password, which consumes more resources during password validation than intended and can lead to a denial of service. This can be exploited by a remote attacker.

Recommendations

For versions 25.0.0 through 25.0.2, update to version 25.0.3 to resolve the issue. No temporary workaround is available, so timely updating is crucial.

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1116
ALT-PU-2023-1176
BDU:2023-02153
CVE-2023-25816
GHSA-53Q2-CM29-7J83

Affected Products

Alt Linux
Nextcloud
Red Os