9.8

CVE-2022-3273

Exploit

Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ikus-softRdiffweb Version <= 2.4.10
Ikus-softRdiffweb Version2.5.0 Updatealpha1
Ikus-softRdiffweb Version2.5.0 Updatealpha2
Ikus-softRdiffweb Version2.5.0 Updatealpha3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.35
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@huntr.dev 3.6 0.2 3.4
CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8
Patch
Third Party Advisory
https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6
Patch
Third Party Advisory
Exploit