CVE-2022-25891

Exploit

EPSS 1.27%
Veröffentlicht 15.07.2022 20:15:08
Zuletzt bearbeitet 21.11.2024 06:53:10
Quelle report@snyk.io
CVE-Watchlists
Login
Unerledigt
Login

Denial of Service (DoS)

The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Containrrr ≫ Shoutrrr Version < 0.6.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.27%	0.66

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
report@snyk.io	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42

Patch

Third Party Advisory

https://github.com/containrrr/shoutrrr/issues/240

Patch

Third Party Advisory

Exploit

Issue Tracking

https://github.com/containrrr/shoutrrr/pull/242

Patch

Third Party Advisory

https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0

Third Party Advisory

Release Notes

https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-25891

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25891

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25891

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-25891