PT-2023-2470 · Nextcloud+2 · Nextcloud Server+2

Nickvergessen

Published

2023-01-23

Updated

2023-04-18

CVE-2023-28644

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Nextcloud server versions 25.0.0 through 25.0.2

Description The issue is related to an inefficient fetch operation that may impact server performance and/or lead to a denial of service. This can be exploited by a remote attacker to initiate a denial of service attack. The vulnerability is associated with uncontrolled resource consumption.

Recommendations For Nextcloud server versions 25.0.0 through 25.0.2, upgrade to version 25.0.3 to address the issue. There are no known workarounds for this vulnerability.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2023-1116

ALT-PU-2023-1176

BDU:2023-02260

CVE-2023-28644

GHSA-9WMJ-GP8V-477J

Affected Products

Alt Linux

Nextcloud Server

Red Os

PT-2023-2470 · Nextcloud+2 · Nextcloud Server+2

CVE-2023-28644

Weakness Enumeration

Related Identifiers

Affected Products

References · 10