PT-2025-51291 · Unknown · Syncbreeze
Mohamed Youssef · Published 2025-12-15 · Updated 2025-12-21
CVE-2023-53873
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
SyncBreeze version 15.2.24
Description
SyncBreeze version 15.2.24 is subject to a denial of service condition within its login authentication process. An attacker can disrupt service availability by sending an oversized password parameter to the login endpoint. Specifically, repeatedly including 'password=' values can overwhelm the system and cause a crash. The vulnerable API endpoint is the login endpoint.
Recommendations
Limit the size of the password parameter accepted by the login authentication mechanism.
Exploit
Fix
DoS
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Syncbreeze
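
One way to enforce the recommended limit in front of the login endpoint, as an added example (not code from the advisory or from SyncBreeze): a validator that a reverse proxy or gateway could run on the request body before forwarding it. It assumes a form-encoded body with `username` and `password` fields; the size limits and the name `check_login_body` are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Assumed limits; the advisory gives no numbers, so tune these per deployment.
MAX_BODY_BYTES = 2048
MAX_FIELDS = 8
MAX_PASSWORD_CHARS = 128


def check_login_body(raw: bytes) -> tuple[bool, str]:
    """Return (allowed, reason) for a form-encoded login request body."""
    # Cheap checks on the raw bytes first, before any decoding or parsing.
    if len(raw) > MAX_BODY_BYTES:
        return False, "body too large"
    if raw.count(b"&") + 1 > MAX_FIELDS:
        return False, "too many fields"
    try:
        pairs = parse_qsl(raw.decode("ascii"),
                          keep_blank_values=True, strict_parsing=True)
    except (UnicodeDecodeError, ValueError):
        return False, "malformed body"
    # Reject repeated 'password=' values as well as a single oversized one.
    passwords = [value for key, value in pairs if key == "password"]
    if len(passwords) != 1:
        return False, "password must appear exactly once"
    if len(passwords[0]) > MAX_PASSWORD_CHARS:
        return False, "password too long"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    samples = {
        "normal": b"username=admin&password=s3cret",
        "long password": b"username=admin&password=" + b"A" * 200,
        "oversized body": b"username=admin&password=" + b"A" * 5000,
        "repeated password": b"username=admin" + b"&password=x" * 5,
    }
    for label, body in samples.items():
        print(f"{label:18} -> {check_login_body(body)}")
```

Rejected requests should be answered at the proxy (for example with HTTP 413 or 400) and logged, so repeated oversized login attempts are visible to monitoring.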